diff --git a/third_party/yara/YARAForge/RELEASE b/third_party/yara/YARAForge/RELEASE index 565e340cc..6f2cf7ace 100644 --- a/third_party/yara/YARAForge/RELEASE +++ b/third_party/yara/YARAForge/RELEASE @@ -1 +1 @@ -20241215 +20241222 diff --git a/third_party/yara/YARAForge/yara-rules-full.yar b/third_party/yara/YARAForge/yara-rules-full.yar index bd8ac24e0..da678bb34 100644 --- a/third_party/yara/YARAForge/yara-rules-full.yar +++ b/third_party/yara/YARAForge/yara-rules-full.yar @@ -12,7 +12,7 @@ * Force Exclude Importance Level: 0 * Minimum Age (in days): 0 * Minimum Score: 40 - * Creation Date: 2024-12-15 + * Creation Date: 2024-12-22 * Number of Rules: 12313 * Skipped: 0 (age), 222 (quality), 7 (score), 0 (importance) */ @@ -20,7 +20,7 @@ * YARA Rule Set * Repository Name: ReversingLabs * Repository: https://github.com/reversinglabs/reversinglabs-yara-rules/ - * Retrieval Date: 2024-12-15 + * Retrieval Date: 2024-12-22 * Git Commit: 9bcb61c86aa4583e393269828225349a81ea08a4 * Number of Rules: 1218 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -5964,8 +5964,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Oct : TC_DETECTION MALICIOUS MALWARE description = "Yara rule that detects Oct ransomware." author = "ReversingLabs" id = "d054239a-564e-5f1a-a380-62dadb020d8d" - date = "2024-10-15" - date = "2024-10-15" + date = "2024-10-22" + date = "2024-10-22" modified = "2021-08-12" reference = "ReversingLabs" source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Oct.yara#L1-L68" 
@@ -26936,8 +26936,8 @@ rule REVERSINGLABS_Win32_Ransomware_ONI : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Oni ransomware." author = "ReversingLabs" id = "dff47f41-92e1-5a62-933e-cada3a698604" - date = "2024-12-15" - date = "2024-12-15" + date = "2024-12-22" + date = "2024-12-22" modified = "2020-12-07" reference = "ReversingLabs" source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Oni.yara#L1-L82" @@ -57020,8 +57020,8 @@ rule REVERSINGLABS_Linux_Virus_Vit : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Vit virus." author = "ReversingLabs" id = "744a8269-5855-5222-ad8f-525c5d0534e6" - date = "2024-12-15" - date = "2024-12-15" + date = "2024-12-22" + date = "2024-12-22" modified = "2023-06-07" reference = "ReversingLabs" source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/virus/Linux.Virus.Vit.yara#L3-L36" @@ -57260,8 +57260,8 @@ rule REVERSINGLABS_Win32_Virus_Awfull : TC_DETECTION MALICIOUS MALWARE FILE * YARA Rule Set * Repository Name: Elastic * Repository: https://github.com/elastic/protections-artifacts/ - * Retrieval Date: 2024-12-15 - * Git Commit: 401b9f547292bee56d26a35f5f9d313b0c513e89 + * Retrieval Date: 2024-12-22 + * Git Commit: c6eb0081d3784ad249bb8c3aa419fbfe54263215 * Number of Rules: 1848 * Skipped: 0 (age), 7 (quality), 0 (score), 0 (importance) * 
@@ -57372,8 +57372,8 @@ rule ELASTIC_Windows_Trojan_Warmcookie_7D32Fa90 : FILE MEMORY date = "2024-04-29" modified = "2024-05-08" reference = "https://www.elastic.co/security-labs/dipping-into-danger" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_WarmCookie.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_WarmCookie.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13" logic_hash = "v1_sha256_ed3be6e5c6127ef87f9ef6fe35b17815b96706e8e73a393ee9b0a8e3b0cd8f66" score = 75 @@ -57413,8 +57413,8 @@ rule ELASTIC_Windows_Trojan_Warmcookie_E8Cd480D : FILE MEMORY date = "2024-09-20" modified = "2024-09-30" reference = "https://www.elastic.co/security-labs/dipping-into-danger" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_WarmCookie.yar#L34-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_WarmCookie.yar#L34-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f4d2c9470b322af29b9188a3a590cbe85bacb9cc8fcd7c2e94d82271ded3f659" logic_hash = "v1_sha256_addbc2e454771592a0ce6e92784ceec3f9c061f2798fe7450ac750cda5734d36" score = 75 
@@ -57446,8 +57446,8 @@ rule ELASTIC_Linux_Trojan_Truncpx_894D60F8 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Truncpx.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Truncpx.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2f09f2884fd5d3f5193bfc392656005bce6b935c12b3049ac8eb96862e4645ba" logic_hash = "v1_sha256_9bc0a7fbddac532b53c72681f349bca0370b1fe6fb2d16f539560085b3ec4be3" score = 75 @@ -57475,8 +57475,8 @@ rule ELASTIC_Windows_Trojan_Blackshades_9D095C44 : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BlackShades.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BlackShades.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e58e352edaa8ae7f95ab840c53fcaf7f14eb640df9223475304788533713c722" logic_hash = "v1_sha256_2a2e6325d3de9289cc8bc26e1fe89a8fa81d9aae50b92ba2cf21c4cc6556ac9e" score = 75 
@@ -57511,8 +57511,8 @@ rule ELASTIC_Windows_Trojan_Blackshades_Be382Dac : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BlackShades.yar#L28-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BlackShades.yar#L28-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e58e352edaa8ae7f95ab840c53fcaf7f14eb640df9223475304788533713c722" logic_hash = "v1_sha256_a13e37e7930d2d1ed1aa4fdeb282f11bfeb7fe008625589e2bfeab0beea43580" score = 75 @@ -57540,8 +57540,8 @@ rule ELASTIC_Windows_Exploit_Generic_E95Cc41C : FILE date = "2024-02-28" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Exploit_Generic.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Exploit_Generic.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4cce9e39c376f67c16df3bcd69efd9b7472c3b478e2e5ef347e1410f1105c38d" logic_hash = "v1_sha256_9b620988a6ee84ed0cbb0fb0a3cca633fffc8e6369ed45455e9e1e6c021ea461" score = 75 
@@ -57582,8 +57582,8 @@ rule ELASTIC_Windows_Exploit_Generic_008359Cf : FILE date = "2024-02-28" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Exploit_Generic.yar#L34-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Exploit_Generic.yar#L34-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "73225a3a54560965f4c4fae73f7ee234e31217bc06ff8ba1d0b36ebab5e76a87" logic_hash = "v1_sha256_9514241b5573c8d01ccd012195e29aefc3ef8a12eb982e6dd9ec66b00c064bd8" score = 75 @@ -57616,8 +57616,8 @@ rule ELASTIC_Windows_Exploit_Generic_8C54846D : FILE date = "2024-02-29" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Exploit_Generic.yar#L59-L87" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Exploit_Generic.yar#L59-L87" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b6ea4815a38e606d4a2d6e6d711e610afec084db6899b7d6fc874491dd939495" logic_hash = "v1_sha256_0662c8edb449e15b16be3e53a88cf62af46b4a656c1a49b399e131c2ad71b55a" score = 75 
@@ -57655,8 +57655,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_F40E3759 : FILE MEMORY date = "2021-09-15" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Donutloader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Donutloader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_541a4ca1da41f7cf54dff3fee917b219fadb60fd93a89b93b5efa3c1a57af81d" score = 75 quality = 75 @@ -57684,8 +57684,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_5C38878D : FILE MEMORY date = "2021-09-15" modified = "2021-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Donutloader.yar#L21-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Donutloader.yar#L21-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_897880d13318027ac5008fe8d008f09780d6fa807d6cc828b57975443358750c" score = 75 quality = 75 
@@ -57712,8 +57712,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_21E801E0 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Donutloader.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Donutloader.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c3bda62725bb1047d203575bbe033f0f95d4dd6402c05f9d0c69d24bd3224ca6" logic_hash = "v1_sha256_19ef7bc8c7117024ca72956376954254c36eeb673f9379aa00475f763084a169" score = 75 @@ -57741,8 +57741,8 @@ rule ELASTIC_Windows_Trojan_Snakekeylogger_Af3Faa65 : FILE MEMORY date = "2021-04-06" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SnakeKeylogger.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SnakeKeylogger.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_54180a642d40b5366f1b400c347c25dc31397d662d6bb8af33c7d2319c97d3fb" score = 75 quality = 73 
@@ -57783,8 +57783,8 @@ rule ELASTIC_Windows_Hacktool_Seatbelt_674Fd535 : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Seatbelt.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Seatbelt.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a0e467aacd383727d46e766f1c45b424a6d46248118c155c22c538e8773b3ae7" logic_hash = "v1_sha256_1bff820ec5cc9e56e7be4b290a48628115cc1ace5e41278fa76898bf39ef893e" score = 75 @@ -57819,8 +57819,8 @@ rule ELASTIC_Linux_Trojan_Subsevux_E9E80C1E : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Subsevux.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Subsevux.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a4ccd399ea99d4e31fbf2bbf8017c5368d29e630dc2985e90f07c10c980fa084" logic_hash = "v1_sha256_8bc38f26da5a3350cbae3e93b890220bb461ff77e83993a842f68db8f757e435" score = 75 
@@ -57848,8 +57848,8 @@ rule ELASTIC_Windows_Trojan_Darkcloud_9905Abce : FILE MEMORY date = "2023-05-03" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DarkCloud.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DarkCloud.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "500cb8459c19acd5a1144c4b509c14dbddec74ad623896bfe946fde1cd99a571" logic_hash = "v1_sha256_27d3841d6acf87f5c9c03d643c7859d9eaf42e49ed0241b761f858c669c4e931" score = 75 @@ -57878,8 +57878,8 @@ rule ELASTIC_Windows_Trojan_Nanocore_D8C4E3C5 : FILE MEMORY date = "2021-06-13" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Nanocore.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Nanocore.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd" logic_hash = "v1_sha256_fcc13e834cd8a1f86b453fe3c0333cd358e129d6838a339a824f1a095d85552d" score = 75 
@@ -57917,8 +57917,8 @@ rule ELASTIC_Linux_Trojan_Hiddad_E35Bff7B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Hiddad.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Hiddad.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "22a418e660b5a7a2e0cc1c1f3fe1d150831d75c4fedeed9817a221194522efcf" logic_hash = "v1_sha256_3881222807585dc933cb61473751d13297fa7eb085a50d435d3b680354a35ee9" score = 75 @@ -57946,8 +57946,8 @@ rule ELASTIC_Linux_Ransomware_Erebus_Ead4F55B : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Erebus.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Erebus.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6558330f07a7c90c40006346ed09e859b588d031193f8a9679fe11a85c8ccb37" logic_hash = "v1_sha256_82e81577372298623ee3ed3583bb18b2c0cfff30abbacf2909e7efca35c83bd7" score = 75 
@@ -57977,8 +57977,8 @@ rule ELASTIC_Windows_Vulndriver_Echodrv_D17Ff31C : FILE date = "2023-10-31" modified = "2023-11-03" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_EchoDrv.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_EchoDrv.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ea3c5569405ed02ec24298534a983bcb5de113c18bc3fd01a4dd0b5839cd17b9" logic_hash = "v1_sha256_0b2eb3c5da8703749ee63662495d6e8738ccdc353f3ac3df48e25a77312c0da0" score = 75 @@ -58006,8 +58006,8 @@ rule ELASTIC_Windows_Trojan_Deimos_F53Aee03 : FILE MEMORY date = "2021-09-18" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Deimos.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Deimos.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2c1941847f660a99bbc6de16b00e563f70d900f9dbc40c6734871993961d3d3e" logic_hash = "v1_sha256_07675844a8790f8485b6545e7466cdef8ac4f92dec4cd8289aeaad2a0a448691" score = 75 
@@ -58037,8 +58037,8 @@ rule ELASTIC_Windows_Trojan_Deimos_C70677B4 : FILE MEMORY date = "2021-09-18" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Deimos.yar#L24-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Deimos.yar#L24-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2c1941847f660a99bbc6de16b00e563f70d900f9dbc40c6734871993961d3d3e" logic_hash = "v1_sha256_c969221f025b114b9d5738d43b6021ab9481dbc6b35eb129ea4f806160b1adc3" score = 75 @@ -58067,8 +58067,8 @@ rule ELASTIC_Macos_Infostealer_Mdquerypassw_6125F987 : FILE MEMORY date = "2023-04-11" modified = "2024-08-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Infostealer_MdQueryPassw.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Infostealer_MdQueryPassw.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_72e0c1a7507733157f93e2bff82e6ec10d50986020eeeb27a02aba5cd8c78a81" score = 75 quality = 71 
@@ -58096,8 +58096,8 @@ rule ELASTIC_Linux_Trojan_Rooter_C8D08D3A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rooter.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rooter.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f55e3aa4d875d8322cdd7caa17aa56e620473fe73c9b5ae0e18da5fbc602a6ba" logic_hash = "v1_sha256_c91f3112cc61acec08ab3cd59bab2ae833ba0d8ac565ffb26a46982f38af0e71" score = 75 @@ -58125,8 +58125,8 @@ rule ELASTIC_Linux_Trojan_Shark_B918Ab75 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Shark.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Shark.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8b6fe9f496996784e42b75fb42702aa47aefe32eac6f63dd16a0eb55358b6054" logic_hash = "v1_sha256_16302c29f2ae4109b8679933eb7fd9ef9306b0c215f20e8fff992b0b848974a9" score = 75 
@@ -58154,8 +58154,8 @@ rule ELASTIC_Windows_Vulndriver_Procexp_Aeb4E5C0 : FILE date = "2022-04-04" modified = "2022-10-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_ProcExp.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_ProcExp.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c" logic_hash = "v1_sha256_827bb2efb6d3442233f81e87a42a3f5ee5caaeadc459070c6d347c6515866c93" score = 75 @@ -58185,8 +58185,8 @@ rule ELASTIC_Windows_Trojan_Servhelper_F4Dee200 : FILE MEMORY date = "2022-03-22" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_ServHelper.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_ServHelper.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "05d183430a7afe16a3857fc4e87568fcc18518e108823c37eabf0514660aa17c" logic_hash = "v1_sha256_abab541ebddf36c05e351d506d4f978a30d8a44ff09233a667d62a1692dabe15" score = 75 
@@ -58215,8 +58215,8 @@ rule ELASTIC_Windows_Trojan_Servhelper_370C5287 : FILE MEMORY date = "2022-03-24" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_ServHelper.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_ServHelper.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "05d183430a7afe16a3857fc4e87568fcc18518e108823c37eabf0514660aa17c" logic_hash = "v1_sha256_8a2934c28efef6a5fed26dc88d074aee15b0869370c66f6a4d6eaedf070eaa9e" score = 75 @@ -58244,8 +58244,8 @@ rule ELASTIC_Linux_Exploit_CVE_2018_10561_0F246E33 : FILE MEMORY CVE_2018_10561 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2018_10561.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2018_10561.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "eac08c105495e6fadd8651d2e9e650b6feba601ec78f537b17fb0e73f2973a1c" logic_hash = "v1_sha256_2c3785ddfded7128e983f3ec17a9f77c856d903f07e325b08f9f463950576ebe" score = 75 
@@ -58273,8 +58273,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_C3522Fd0 : BETA FILE MEMORY date = "2020-11-03" modified = "2021-08-23" reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Thanos.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Thanos.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_00d28aafd242308ad6561547ed8c80dad3086859dacab09ffdd43d436bf9ec52" score = 75 quality = 75 @@ -58304,8 +58304,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_A6C09942 : BETA FILE MEMORY date = "2020-11-03" modified = "2021-08-23" reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Thanos.yar#L24-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Thanos.yar#L24-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_cecdeb21e041c90769b8fd8431fa87943461c1f7faa5ad15918524b91ba5c792" score = 75 quality = 75 
@@ -58334,8 +58334,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_E19Feca1 : BETA FILE MEMORY date = "2020-11-03" modified = "2021-08-23" reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Thanos.yar#L46-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Thanos.yar#L46-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_1f5a69b6749e887a5576843abb83388d5364e47601cf11fcac594008ace8e973" score = 75 quality = 75 @@ -58375,8 +58375,8 @@ rule ELASTIC_Windows_Hacktool_Godpotato_5F1Aad81 : FILE MEMORY date = "2024-06-24" modified = "2024-07-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_GodPotato.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_GodPotato.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "00171bb6e9e4a9b8601e988a8c4ac6f5413e31e1b6d86d24b0b53520cd02184c" logic_hash = "v1_sha256_3028c84a616d47b37b4ef2d41d35ccef5121c06aa042096bca8ea53b528a1eb9" score = 75 
@@ -58413,8 +58413,8 @@ rule ELASTIC_Windows_Trojan_Xworm_732E6C12 : FILE MEMORY date = "2023-04-03" modified = "2024-10-15" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_XWorm.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_XWorm.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bf5ea8d5fd573abb86de0f27e64df194e7f9efbaadd5063dee8ff9c5c3baeaa2" logic_hash = "v1_sha256_6aa72029eeeb2edd2472bf0db80b9c0ae4033d7d977cbee75ac94414d1cdff7a" score = 75 @@ -58448,8 +58448,8 @@ rule ELASTIC_Windows_Trojan_Xworm_B7D6Eaa8 : FILE MEMORY date = "2024-09-10" modified = "2024-10-15" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_XWorm.yar#L27-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_XWorm.yar#L27-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6fc4ff3f025545f7e092408b035066c1138253b972a2e9ef178e871d36f03acd" logic_hash = "v1_sha256_6a9da68dd1475974e71043a0e5a51d70762473c385d6acef34945019c7016b02" score = 75 
@@ -58482,8 +58482,8 @@ rule ELASTIC_Windows_Trojan_Xworm_7078E1C8 : FILE MEMORY date = "2024-10-10" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_XWorm.yar#L52-L70" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_XWorm.yar#L52-L70" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "034c8a18c15521069af36595357d9c8413a33544af8d3ea5f0ac7d471841e0ec" logic_hash = "v1_sha256_4c69648e4a68c8c46cf435f4dcac79176a023d8cd7209f9fa6a6b244797c66f3" score = 75 @@ -58511,8 +58511,8 @@ rule ELASTIC_Windows_Backdoor_Teamviewer_Df8E7326 : FILE MEMORY date = "2022-10-29" modified = "2022-12-20" reference = "https://vms.drweb.com/virus/?i=8172096" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Backdoor_TeamViewer.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Backdoor_TeamViewer.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "68d9ffb6e00c2694d0d827108d0410d5a66d4f8cf839afddd17c5887b0149350" logic_hash = "v1_sha256_3d42c76626c76959e450a81001c73d8d47b52789cab324e0cc7af09303c1367d" score = 75 
@@ -58545,8 +58545,8 @@ rule ELASTIC_Linux_Ransomware_Agenda_4562A654 : FILE MEMORY date = "2024-09-12" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Agenda.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Agenda.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cd27a31e618fe93df37603e5ece3352a91f27671ee73bdc8ce9ad793cad72a0f" logic_hash = "v1_sha256_9e9adad7640cda1142c31e801d1473e4ddb84574ce1bb1694e40d96850fcb815" score = 75 @@ -58577,8 +58577,8 @@ rule ELASTIC_Macos_Trojan_Kandykorn_A7Bb6944 : FILE MEMORY date = "2023-10-23" modified = "2023-10-23" reference = "https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_KandyKorn.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_KandyKorn.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "51dd4efcf714e64b4ad472ea556bf1a017f40a193a647b9e28bf356979651077" logic_hash = "v1_sha256_65decd519dee947894dd684c52d91202ebe5587acfecc0b8b56cd73f2981e387" score = 75 
@@ -58615,8 +58615,8 @@ rule ELASTIC_Windows_Trojan_Quasarrat_E52Df647 : FILE MEMORY date = "2021-06-27" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Quasarrat.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Quasarrat.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a58efd253a25cc764d63476931da2ddb305a0328253a810515f6735a6690de1d" logic_hash = "v1_sha256_41f32e0c9b3b43d10baef10060e064ad860558bcdeb4281a30d30c16615ed21d" score = 75 @@ -58648,8 +58648,8 @@ rule ELASTIC_Windows_Trojan_Sourshark_F0247Cce : FILE MEMORY date = "2024-06-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SourShark.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SourShark.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "07eb88c69437ee6e3ea2fbab5f2fbd8e846125d18c1da7d72bb462e9d083c9fc" logic_hash = "v1_sha256_0c5d802b5bfc771bdf5df541b18c7ab9de4f420fd3928bfd85b1a71cca2af1bc" score = 75 
@@ -58679,8 +58679,8 @@ rule ELASTIC_Windows_Trojan_Sourshark_Adee8A17 : FILE MEMORY date = "2024-06-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SourShark.yar#L23-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SourShark.yar#L23-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "07eb88c69437ee6e3ea2fbab5f2fbd8e846125d18c1da7d72bb462e9d083c9fc" logic_hash = "v1_sha256_98a4d31849a1828c2154b5032a81580f5dcc8d4a65b96dea3a727e2a82a51666" score = 75 @@ -58708,8 +58708,8 @@ rule ELASTIC_Windows_Shellcode_Rdi_Edc62A10 : FILE MEMORY date = "2023-06-23" modified = "2023-07-10" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Shellcode_Rdi.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Shellcode_Rdi.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "64485ffc283e981c8b77db5a675c7ba2a04d3effaced522531185aa46eb6a36b" logic_hash = "v1_sha256_986cb6c28d2d9767a2fd084fdd71edb7a1c36e78ddedf3c562076cf6f5b5afd1" score = 75 
@@ -58737,8 +58737,8 @@ rule ELASTIC_Windows_Shellcode_Rdi_Eee75D2C : FILE MEMORY date = "2023-08-25" modified = "2023-11-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Shellcode_Rdi.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Shellcode_Rdi.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8c4de69e89dcc659d2fff52d695764f1efd7e64e0a80983ce6d0cb9eeddb806c" logic_hash = "v1_sha256_18cd9be4af210686872610f832ac0ad58a48588a1226fc6093348ceb8371c6b4" score = 75 @@ -58766,8 +58766,8 @@ rule ELASTIC_Linux_Hacktool_Ligolong_027C0134 : FILE MEMORY date = "2024-09-20" modified = "2024-11-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_LigoloNG.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_LigoloNG.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "eda6037bda3ccf6bbbaf105be0826669d5c4ac205273fefe103d8c648271de54" logic_hash = "v1_sha256_a6f3c1f4c044765d841992758f451666e8bf5225e1a9f02925619c99fe8e03cb" score = 75 
@@ -58797,8 +58797,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2Aef46A6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_d2c88774eb5227cf2d133644c648ebe5ba40c7e0acb2b432bc6a1a9da10bfb3f" score = 75 quality = 73 @@ -58825,8 +58825,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_A6572D63 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2ff33adb421a166895c3816d506a63dff4e1e8fa91f2ac8fb763dc6e8df59d6e" logic_hash = "v1_sha256_237392fe51c8528cb5ed446facfcd3535b8e1d594d77a542361873bd52426fa7" score = 75 
@@ -58854,8 +58854,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_E41143E1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L40-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L40-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_4564bf2019ff5086071ff147c9cf1e16b8627ce5d70cbe8370aecbd518d94b57" score = 75 quality = 75 @@ -58882,8 +58882,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_0Eb147Ca : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L59-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L59-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b" logic_hash = "v1_sha256_b20479af0767e5e8579489b5298648b9cc84b3e0778f58d8dc9deb252d0f4806" score = 75 
@@ -58911,8 +58911,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ba961Ed2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L79-L97" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L79-L97" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b" logic_hash = "v1_sha256_5b486c698c9c61dc126be5dbeea862b1f9bb5a6859c02a0fff125a9890147a6b" score = 75 @@ -58940,8 +58940,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2084099A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L99-L116" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L99-L116" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_6674be1438ec290550c9586afda335755279a4aedadde455ffc0b41d1a0e634d" score = 75 quality = 75 
@@ -58968,8 +58968,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_61C88137 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L118-L136" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L118-L136" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "479ef38fa00bb13a3aa8448aa4a4434613c6729975e193eec29fc5047f339111" logic_hash = "v1_sha256_e999355606ee7389be160ce3e96c6a62d7f9132b95cfec7d9f8b1a670551e6b8" score = 75 @@ -58997,8 +58997,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Debb98A1 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L138-L156" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L138-L156" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "494f549e3dd144e8bcb230dd7b3faa8ff5107d86d9548b21b619a0318e362cad" logic_hash = "v1_sha256_c2e43818fcf18d34a6a3611aaaafde31d96b41867d15dfdb1dec20203f5907eb" score = 75 
@@ -59026,8 +59026,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_1D6E10Fd : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L158-L176" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L158-L176" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4c7851316f01ae84ee64165be3ba910ab9b415d7f0e2f5b7e5c5a0eaefa3c287" logic_hash = "v1_sha256_01ec1af1ca03173e867113c3bec7911990a0c8c2d9f19b5233715a7f7490f5f1" score = 75 @@ -59055,8 +59055,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_E3Ffbbcc : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L178-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L178-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "28b7ddf2548411910af033b41982cdc74efd8a6ef059a54fda1b6cbd59faa8f6" logic_hash = "v1_sha256_54711c2d3e6d73cf4358ba4a65cb19d996adcfa905c0089a18a61fe841fe9a34" score = 75 
@@ -59084,8 +59084,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_30F3B4D4 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L198-L216" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L198-L216" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5b15d43d3535965ec9b84334cf9def0e8c3d064ffc022f6890320cd6045175bc" logic_hash = "v1_sha256_99efc257ff2afb779304451bd9f6f6ce9e88f54954189601ed10e95e2268dd4f" score = 75 @@ -59113,8 +59113,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ca75589C : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L218-L236" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L218-L236" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0448c1b2c7c738404ba11ff4b38cdc8f865ccf1e202f6711345da53ce46e7e16" logic_hash = "v1_sha256_c717e6f85a5b30514803ba43c85d82e2aaa4533b7f74db5345df83d1cc4c6551" score = 75 
@@ -59142,8 +59142,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_7909Cdd2 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L238-L256" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L238-L256" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0a4a5874f43adbe71da88dc0ef124f1bf2f4e70d0b1b5461b2788587445f79d9" logic_hash = "v1_sha256_4b2557ab78d22ae4f46e5813ba5dc4663cd92b945a1add3155f77d3030ccc92d" score = 75 @@ -59171,8 +59171,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2522D611 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L258-L276" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L258-L276" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0c2be53e298c285db8b028f563e97bf1cdced0c4564a34e740289b340db2aac1" logic_hash = "v1_sha256_59f2552809bc48e16719cb9b4d2a7b99999307803fce031ca39eb24e14b88908" score = 75 
@@ -59200,8 +59200,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_56Bd04D3 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L278-L296" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L278-L296" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0d2ce3891851808fb36779a348a83bf4aa9de1a2b2684fd0692434682afac5ec" logic_hash = "v1_sha256_47a33fcd69dd78cbc6c3274aeaa8dddabe119ae65b59077e1807657b8a67fed3" score = 75 @@ -59229,8 +59229,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_F412E4B4 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L298-L316" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L298-L316" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0e3a3f7973f747fcb23c72289116659c7f158c604d937d6ca7302fbab71851e9" logic_hash = "v1_sha256_b4e1b193e80aa88b91255df3a5f2e45de7f23fdba4a28d3ceb12db63098e70e5" score = 75 
@@ -59258,8 +59258,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_71F8E26C : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L318-L336" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L318-L336" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "13f873f83b84a0d38eb3437102f174f24a0ad3c5a53b83f0ee51c62c29fb1465" logic_hash = "v1_sha256_f9f2f22acd4f52cc313e3ecf425604651e0b8c78e33480d4d05bae5b8c9661fb" score = 75 @@ -59287,8 +59287,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_1A562D3B : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L338-L356" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L338-L356" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "15731db615b32c49c34f41fe84944eeaf2fc79dafaaa9ad6bf1b07d26482f055" logic_hash = "v1_sha256_8d3b369bdcecd675f99cedf26dba202256555be0f5feae612404f9b5e109fa93" score = 75 
@@ -59316,8 +59316,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_410256Ac : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L358-L376" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L358-L376" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "15f44e10ece90dec1a6104d5be1effefa17614d9f0cfb2784305dab85367b741" logic_hash = "v1_sha256_88227af6d2f365b761961bdf4b94bed81bca79e23d546e69900faa17c3e4dc71" score = 75 @@ -59345,8 +59345,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_93Fa87F1 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L378-L396" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L378-L396" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "165b4a28fd6335d4e4dfefb6c40f41f16d8c7d9ab0941ccd23e36cda931f715e" logic_hash = "v1_sha256_2a1e797d4dd2599b5c67e73e3c909a1803e604edf0b6ba228713ee375ccc9b16" score = 75 
@@ -59374,8 +59374,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_8677Dca3 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L398-L416" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L398-L416" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "23813dc4aa56683e1426e5823adc3aab854469c9c0f3ec1a3fad40fa906929f2" logic_hash = "v1_sha256_9902758dfb61e8b60b281f3f51cda8a10d58eb0cc20743f97998d7bcf120c299" score = 75 @@ -59403,8 +59403,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ebce4304 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L418-L436" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L418-L436" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2e06caf864595f2df7f6936bb1ccaa1e0cae325aee8659ee283b2857e6ef1e5b" logic_hash = "v1_sha256_42fbfc2c2636c2e3a5da5e51c6bf99f6114ec7d00b88371a34e1fdbe81d1264a" score = 75 
@@ -59432,8 +59432,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_073E6161 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L438-L456" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L438-L456" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2e06caf864595f2df7f6936bb1ccaa1e0cae325aee8659ee283b2857e6ef1e5b" logic_hash = "v1_sha256_2c98058add77c55ab68491eec041d7670f726a9ec93258ae7bb8f0e6721b4ca3" score = 75 @@ -59461,8 +59461,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Bef22375 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xorddos.yar#L458-L476" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xorddos.yar#L458-L476" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f47baf48deb71910716beab9da1b1e24dc6de9575963e238735b6bcedfe73122" logic_hash = "v1_sha256_3991ebdb310338516d5fdd137ba2ac63dc870337785a31d59dcad49135f190e5" score = 75 
@@ -59490,8 +59490,8 @@ rule ELASTIC_Windows_Trojan_Dodgebox_095012D2 : FILE MEMORY
 date = "2024-07-11"
 modified = "2024-07-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DodgeBox.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DodgeBox.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c6a3a1ea84251aed908702a1f2a565496d583239c5f467f5dcd0cfc5bfb1a6db"
 logic_hash = "v1_sha256_f1fe9b05deaebaddd83dda0ad98602b49682f8ba767de8c0ffad761d344c5115"
 score = 75
@@ -59523,8 +59523,8 @@ rule ELASTIC_Windows_Trojan_Systembc_5E883723 : FILE MEMORY
 date = "2022-03-22"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SystemBC.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SystemBC.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b432805eb6b2b58dd957481aa8a973be58915c26c04630ce395753c6a5196b14"
 logic_hash = "v1_sha256_fde2e0b5debd4d26838fb245fdf8e5103ab5aab9feff900cbba00c1950adc61a"
 score = 75
@@ -59557,8 +59557,8 @@ rule ELASTIC_Windows_Trojan_Systembc_C1B58C2F : FILE MEMORY
 date = "2024-05-02"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SystemBC.yar#L26-L49"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SystemBC.yar#L26-L49"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "016fc1db90d9d18fe25ed380606346ef12b886e1db0d80fe58c22da23f6d677d"
 logic_hash = "v1_sha256_16ed14dac0c30500c5e91759b0a1b321f3bd53ae6aab1389a685582eba72c222"
 score = 75
@@ -59591,8 +59591,8 @@ rule ELASTIC_Linux_Trojan_Xhide_7F0A131B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xhide.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xhide.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560"
 logic_hash = "v1_sha256_4843042576d1f4f37b5a7cda1b261831030d9145c49b57e9b4c66e2658cc8cf9"
 score = 75
@@ -59620,8 +59620,8 @@ rule ELASTIC_Linux_Trojan_Xhide_Cd8489F7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xhide.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xhide.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560"
 logic_hash = "v1_sha256_34924260c811f1796ae37faec922bc21bb312ebb0672042d3ec27855f63ed61e"
 score = 75
@@ -59649,8 +59649,8 @@ rule ELASTIC_Linux_Trojan_Xhide_840B27C7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xhide.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xhide.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560"
 logic_hash = "v1_sha256_6b0bfe69558399af6e0469a31741dcf2eb91fbe3e130267139240d3458eb8a0d"
 score = 75
@@ -59678,8 +59678,8 @@ rule ELASTIC_Linux_Hacktool_Prochide_7333221A : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Prochide.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Prochide.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fad956a6a38abac8a8a0f14cc50f473ec6fc1c9fd204e235b89523183931090b"
 logic_hash = "v1_sha256_413f19744240eae0a87d56da1e524e2afa0fe0ec385bd9369218713b13a93495"
 score = 75
@@ -59707,8 +59707,8 @@ rule ELASTIC_Linux_Trojan_Sfloost_69A5343A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sfloost.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sfloost.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c0cd73db5165671c7bbd9493c34d693d25b845a9a21706081e1bf44bf0312ef9"
 logic_hash = "v1_sha256_bd3cd33d02c7ca1d3a0364e5e3e2f968f32da8f087f744232f3cb786da6c7875"
 score = 75
@@ -59736,8 +59736,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_53692410 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Iroffer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Iroffer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa"
 logic_hash = "v1_sha256_b8aa25fbde4d9ca36656f583e7601118a06e57703862c8b28b273881eef504fe"
 score = 60
@@ -59765,8 +59765,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_013E07De : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Iroffer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Iroffer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa"
 logic_hash = "v1_sha256_ce21de61f94d41aa3abb73b9391a4d9c8ddeea75f1a2b36be58111b70a9590fe"
 score = 60
@@ -59794,8 +59794,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_0De95Cab : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Iroffer.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Iroffer.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "717bea3902109d1b1d57e57c26b81442c0705af774139cd73105b2994ab89514"
 logic_hash = "v1_sha256_adec3e1d3110bcc22262d5f1f2ad14a347616f4a809f29170a9fbb5d1669a4c3"
 score = 75
@@ -59823,8 +59823,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_711259E4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Iroffer.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Iroffer.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa"
 logic_hash = "v1_sha256_a71dbb979bc1f7671ab9958b6aa502e6ded4ee1c1b026080fd377eb772ebb1d5"
 score = 75
@@ -59852,8 +59852,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_7478Ddd9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Iroffer.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Iroffer.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "20e1509c23d7ef14b15823e4c56b9a590e70c5b7960a04e94b662fc34152266c"
 logic_hash = "v1_sha256_e650ee830b735a11088b628e865cd40a15054437ca05849f2eaa7838eac152e3"
 score = 75
@@ -59881,8 +59881,8 @@ rule ELASTIC_Windows_Vulndriver_Lha_F72Bff9A : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Lha.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Lha.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf"
 logic_hash = "v1_sha256_cea05432b47cf14982bda74476c8c8582068c22fe7dec6468c9756c20412dca2"
 score = 75
@@ -59911,8 +59911,8 @@ rule ELASTIC_Linux_Worm_Generic_920D273F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Worm_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Worm_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "04a65bc73fab91f654d448b2d7f8f15ac782965dcdeec586e20b5c7a8cc42d73"
 logic_hash = "v1_sha256_d0ed260857ae3002483ea7ef242b82514caaa95c2700b39dd0a03d39fdde090d"
 score = 75
@@ -59940,8 +59940,8 @@ rule ELASTIC_Linux_Worm_Generic_98Efcd38 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Worm_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Worm_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "87507f5cd73fffdb264d76db9b75f30fe21cc113bcf82c524c5386b5a380d4bb"
 logic_hash = "v1_sha256_c1a130d2ef8d09cb28adc4e347cbd1a083c78241752ecf3f935b03d774d00a81"
 score = 60
@@ -59969,8 +59969,8 @@ rule ELASTIC_Linux_Worm_Generic_Bd64472E : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Worm_Generic.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Worm_Generic.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b3334a3b61b1a3fc14763dc3d590100ed5e85a97493c89b499b02b76f7a0a7d0"
 logic_hash = "v1_sha256_9a7267a0ebc1073d0b1f81a61b963642cc816b563b43ff4d9508dd8bc195a0e1"
 score = 75
@@ -59998,8 +59998,8 @@ rule ELASTIC_Linux_Worm_Generic_3Ff8F75B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Worm_Generic.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Worm_Generic.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "991175a96b719982f3a846df4a66161a02225c21b12a879e233e19124e90bd35"
 logic_hash = "v1_sha256_798e98f286201f1cda18bf1bf433826cf8a949b584f016b24a684425069d1024"
 score = 75
@@ -60027,8 +60027,8 @@ rule ELASTIC_Windows_Vulndriver_Asio_5F9F29Be : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_AsIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_AsIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15"
 logic_hash = "v1_sha256_a901d81737c7e6d00e87f0eec758dd063eade59d9883e85e04a33bb18f2f99de"
 score = 75
@@ -60056,8 +60056,8 @@ rule ELASTIC_Linux_Trojan_Zpevdo_7F563544 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Zpevdo.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Zpevdo.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_9cbbb5a9166184cef630d1aba8fec721f676b868d22b1f96ffc1430e98ae974c"
 score = 75
 quality = 75
@@ -60084,8 +60084,8 @@ rule ELASTIC_Linux_Cryptominer_Miancha_646803Ef : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Miancha.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Miancha.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4c7761c9376ed065887dc6ce852491641419eb2d1f393c37ed0a5cb29bd108d4"
 logic_hash = "v1_sha256_8fd386c0e7037565e8ab206642cc8c11f05ca727b365b94ffdd991f4bed95556"
 score = 75
@@ -60113,8 +60113,8 @@ rule ELASTIC_Windows_Trojan_Babble_0D6C9505 : FILE MEMORY
 date = "2024-11-18"
 modified = "2024-11-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Babble.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Babble.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fa292bfcf81223bab0f79d4ce08187e37d68960005629df0241ea22f0b95d7a8"
 logic_hash = "v1_sha256_e77a2e865e0a13bf2b5445e21d85d21fb0d1f816ac5c315cefda98cbb6cb7cca"
 score = 75
@@ -60143,8 +60143,8 @@ rule ELASTIC_Windows_Infostealer_Strela_0Dc3E4A1 : MEMORY
 date = "2024-03-25"
 modified = "2024-09-30"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Infostealer_Strela.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Infostealer_Strela.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e6991b12e86629b38e178fef129dfda1d454391ffbb236703f8c026d6d55b9a1"
 logic_hash = "v1_sha256_ac1b53f2857fd13ba0e33aa94c65f0d5fa22b76d504fff347b3ff0a53f37ee26"
 score = 75
@@ -60178,8 +60178,8 @@ rule ELASTIC_Windows_Virus_Expiro_84E99Ff0 : FILE MEMORY
 date = "2023-09-26"
 modified = "2023-11-02"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Virus_Expiro.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Virus_Expiro.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "47107836ead700bddbe9e8a0c016b5b1443c785442b2addbb50a70445779bad7"
 logic_hash = "v1_sha256_ce4847bf5850c1f30dca9603bfbbfbb69339285f096ac469c6d2d4b04f5562b4"
 score = 75
@@ -60208,8 +60208,8 @@ rule ELASTIC_Windows_Virus_Neshta_2A5A14C8 : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Virus_Neshta.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Virus_Neshta.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f298214764ee9ab690cb4b376d8a7893edcd9c05a3c4e6f3a56010974a130bd7"
 logic_hash = "v1_sha256_0b5d0603f4c20a2368f697dd84cfe1790a5d0e5904c76066601c9e3d1b5ed1e1"
 score = 75
@@ -60238,8 +60238,8 @@ rule ELASTIC_Windows_Trojan_Powerseal_D63F5E54 : FILE MEMORY
 date = "2023-03-16"
 modified = "2023-05-26"
 reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_PowerSeal.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_PowerSeal.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_523dcff68a51ea8fb022066b5f09394e8174d6c157222a08100de30669898057"
 score = 75
 quality = 75
@@ -60269,8 +60269,8 @@ rule ELASTIC_Windows_Trojan_Powerseal_2E50F393 : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_PowerSeal.yar#L24-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_PowerSeal.yar#L24-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_3ca1d4568fea7b2e4e9d30ba03662a2c28ee8623d887a0336e27989b5c98b55f"
 score = 75
 quality = 75
@@ -60299,8 +60299,8 @@ rule ELASTIC_Windows_Vulndriver_Powertool_044A8645 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_PowerTool.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_PowerTool.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1aaa9aef39cb3c0a854ecb4ca7d3b213458f302025e0ec5bfbdef973cca9111c"
 logic_hash = "v1_sha256_b21c16cb72d003c505aa0ac4cc21b92513a100bad6870460090994c02cad875a"
 score = 75
@@ -60329,8 +60329,8 @@ rule ELASTIC_Windows_Trojan_Icedid_1Cd868A6 : FILE MEMORY
 date = "2021-02-28"
 modified = "2021-08-23"
 reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff"
 logic_hash = "v1_sha256_4765b2b1d463f09d7e21367c2832b3ad668aa67d8078798a14295b6e6c846c1c"
 score = 75
@@ -60358,8 +60358,8 @@ rule ELASTIC_Windows_Trojan_Icedid_237E9Fb6 : FILE MEMORY
 date = "2021-02-28"
 modified = "2021-08-23"
 reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L23-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L23-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457"
 logic_hash = "v1_sha256_31479eae077b2d78cb1770eef3b37bec941f35c9ceb329e01dd65a32e785fa74"
 score = 75
@@ -60387,8 +60387,8 @@ rule ELASTIC_Windows_Trojan_Icedid_F1Ce2F0A : FILE MEMORY
 date = "2021-02-28"
 modified = "2021-08-23"
 reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L45-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L45-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457"
 logic_hash = "v1_sha256_a1f1824a7208201616dde40bea514dfc2cdf908bd8ed24b9f96c2bcad2c8107f"
 score = 75
@@ -60416,8 +60416,8 @@ rule ELASTIC_Windows_Trojan_Icedid_08530E24 : FILE MEMORY
 date = "2021-03-21"
 modified = "2021-08-23"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L67-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L67-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "31db92c7920e82e49a968220480e9f130dea9b386083b78a79985b554ecdc6e4"
 logic_hash = "v1_sha256_a63511edde9d873e184ddb4720b4752b0e7df4bdb2114b05c16f2ca0594eb6b8"
 score = 75
@@ -60458,8 +60458,8 @@ rule ELASTIC_Windows_Trojan_Icedid_11D24D35 : FILE MEMORY
 date = "2022-02-16"
 modified = "2022-04-06"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L101-L121"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L101-L121"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982"
 logic_hash = "v1_sha256_4a5d0f37e3e80e370ae79fd45256dbd274ed8f8bcd021e8d6f95a0bc0bc5321f"
 score = 75
@@ -60488,8 +60488,8 @@ rule ELASTIC_Windows_Trojan_Icedid_0B62E783 : FILE MEMORY
 date = "2022-04-06"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L123-L142"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L123-L142"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
 logic_hash = "v1_sha256_aca126529dfa8047ed7dfdc60d970759ab5307448d7d764f88e402cd8d2a016f"
 score = 75
@@ -60517,8 +60517,8 @@ rule ELASTIC_Windows_Trojan_Icedid_91562D18 : FILE MEMORY
 date = "2022-04-06"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L144-L163"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L144-L163"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
 logic_hash = "v1_sha256_81c87d0d6726bc2dde42fe93c77af53cdd29bb6437fe3d47d1b4550140722c88"
 score = 75
@@ -60546,8 +60546,8 @@ rule ELASTIC_Windows_Trojan_Icedid_2086Aecb : FILE MEMORY
 date = "2022-04-06"
 modified = "2022-03-02"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L165-L184"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L165-L184"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
 logic_hash = "v1_sha256_561bf7eacfbbf1b4e0c111347f0d6ff4325bdbce8db73bee1ba836b610569c0d"
 score = 75
@@ -60575,8 +60575,8 @@ rule ELASTIC_Windows_Trojan_Icedid_48029E37 : FILE MEMORY date = "2022-04-06" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L186-L205" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L186-L205" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a" logic_hash = "v1_sha256_1fe337d7a0607938aaf57cf25c1373aadf315b7a8cec133d6d30a38bd58e1027" score = 75 @@ -60604,8 +60604,8 @@ rule ELASTIC_Windows_Trojan_Icedid_56459277 : FILE MEMORY date = "2022-08-21" modified = "2023-03-02" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L207-L237" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L207-L237" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "21b1a635db2723266af4b46539f67253171399830102167c607c6dbf83d6d41c" logic_hash = "v1_sha256_a18557217c69a3bb8c3da7725d2e0ed849741f8e36341a4ea80eea09d47a5b45" score = 75 
@@ -60644,8 +60644,8 @@ rule ELASTIC_Windows_Trojan_Icedid_7C1619E3 : FILE MEMORY date = "2022-12-20" modified = "2023-02-01" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L239-L261" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L239-L261" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4f6de748628b8b06eeef3a5fabfe486bfd7aaa92f50dc5a8a8c70ec038cd33b1" logic_hash = "v1_sha256_24ddaf474dabc5e91cce08734a035feced9048a3faac4ff236bc97e6caabd642" score = 75 @@ -60676,8 +60676,8 @@ rule ELASTIC_Windows_Trojan_Icedid_D8B23Cd6 : FILE MEMORY date = "2023-01-03" modified = "2023-01-03" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L263-L294" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L263-L294" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bd4da2f84c29437bc7efe9599a3a41f574105d449ac0d9b270faaca8795153ab" logic_hash = "v1_sha256_47e427a4f088de523115f438cad9fc26233158b0518d87703c282df351110762" score = 75 
@@ -60717,8 +60717,8 @@ rule ELASTIC_Windows_Trojan_Icedid_A2Ca5F80 : FILE MEMORY date = "2023-01-16" modified = "2023-04-23" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L296-L323" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L296-L323" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_e36266cd66b9542f2eb9d38f9a01f7b480f2bcdbe61fe20944dca33e22bd3281" score = 75 quality = 75 @@ -60754,8 +60754,8 @@ rule ELASTIC_Windows_Trojan_Icedid_B8C59889 : FILE MEMORY date = "2023-05-05" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L325-L349" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L325-L349" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a63d08cd53053bfda17b8707ab3a94cf3d6021097335dc40d5d211fb9faed045" logic_hash = "v1_sha256_08c6c604d1791c35a8494e5ec8a96e8c5dd2ca3d6c57971da20057ce8960fa1d" score = 75 
@@ -60788,8 +60788,8 @@ rule ELASTIC_Windows_Trojan_Icedid_81Eff9A3 : FILE MEMORY date = "2023-05-05" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_IcedID.yar#L351-L371" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_IcedID.yar#L351-L371" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "96dacdf50d1db495c8395d7cf454aa3a824801cf366ac368fe496f89b5f98fe7" logic_hash = "v1_sha256_923dd8166cce0ec32b3b8b20cad192b3c15b7ce7c17fd44ddda739ad205a6c06" score = 75 @@ -60818,8 +60818,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_8859E8E8 : FILE MEMORY date = "2021-05-03" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Hellokitty.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Hellokitty.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3ae7bedf236d4e53a33f3a3e1e80eae2d93e91b1988da2f7fcb8fde5dcc3a0e9" logic_hash = "v1_sha256_72cc718724d9d9a391a9f7a0932ebf397c2ab79558437533bef6e380b06baff9" score = 75 
@@ -60860,8 +60860,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_4B668121 : FILE MEMORY date = "2021-05-03" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Hellokitty.yar#L34-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Hellokitty.yar#L34-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9a7daafc56300bd94ceef23eac56a0735b63ec6b9a7a409fb5a9b63efe1aa0b0" logic_hash = "v1_sha256_00c7a492c304f12b9909e35cf069618a1103311a69e3e8951ca196c3c663b12a" score = 75 @@ -60896,8 +60896,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_D9391A1A : FILE MEMORY date = "2021-05-03" modified = "2023-01-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Hellokitty.yar#L61-L80" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Hellokitty.yar#L61-L80" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "10887d13dba1f83ef34e047455a04416d25a83079a7f3798ce3483e0526e3768" logic_hash = "v1_sha256_074ca47c0526d9828f3c07c7d6dbdd1cec609670d70340b022ae2c712ad80305" score = 75 
@@ -60926,8 +60926,8 @@ rule ELASTIC_Windows_Vulndriver_Viragt_5F92F226 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Viragt.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Viragt.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53" logic_hash = "v1_sha256_e7ade7aec563c1dc602dfd7fda8c063058f47ae2a915959468792fce389b38f1" score = 75 @@ -60957,8 +60957,8 @@ rule ELASTIC_Windows_Vulndriver_Viragt_84D508Ad : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Viragt.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Viragt.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495" logic_hash = "v1_sha256_a3e1b41155c7dd347976a1057cb763ab60c50c34e981fef050bd54f060a412fc" score = 75 
@@ -60988,8 +60988,8 @@ rule ELASTIC_Windows_Ransomware_Cuba_E64A16B1 : FILE MEMORY date = "2021-08-04" modified = "2021-10-04" reference = "https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Cuba.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Cuba.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "33352a38454cfc247bc7465bf177f5f97d7fd0bd220103d4422c8ec45b4d3d0e" logic_hash = "v1_sha256_915425ad49f1b9ebde114f92155d5969ec707304403f46d891d014b399165a4d" score = 75 @@ -61018,8 +61018,8 @@ rule ELASTIC_Windows_Ransomware_Cuba_95A98E69 : FILE MEMORY date = "2021-08-04" modified = "2021-10-04" reference = "https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Cuba.yar#L23-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Cuba.yar#L23-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "00f18713f860dc8394fb23a1a2b6280d1eb2f20a487c175433a7b495a1ba408d" logic_hash = "v1_sha256_d17ef93943e826613be4c21ad1e41d1daa33db9da0fa6106bb8ba6334ebe1d08" score = 75 
@@ -61049,8 +61049,8 @@ rule ELASTIC_Multi_Hacktool_Rakshasa_D5D3Ef21 : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Hacktool_Rakshasa.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Hacktool_Rakshasa.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ccfa30a40445d5237aaee1e015ecfcd9bdbe7665a6dc2736b28e5ebf07ec4597" logic_hash = "v1_sha256_123cbea0ce02012a9b22a4a241d11aa9acbb58b50a1bd9228da7cadbf0fa1b4e" score = 75 @@ -61082,8 +61082,8 @@ rule ELASTIC_Windows_Trojan_Sythe_02B2811A : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Sythe.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Sythe.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2d54a8ba40cc9a1c74db7a889bc75a38f16ae2d025268aa07851c1948daa1b4d" logic_hash = "v1_sha256_ba472b35f583dd4cf125df575129d07de289d6d7dc12ecdcc518ce1eb9f18def" score = 75 
@@ -61114,8 +61114,8 @@ rule ELASTIC_Windows_Hacktool_Executeassembly_F41F4Df6 : FILE MEMORY date = "2023-03-28" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_ExecuteAssembly.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_ExecuteAssembly.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a468ba2ba77aafa2a572c8947d414e74604a7c1c6e68a0b87fbfce4f8854dd61" logic_hash = "v1_sha256_ab72dec636a96338e16fd57f2db4bb52e38fe61315b42c2ffe9c4566fc0326d3" score = 75 @@ -61144,8 +61144,8 @@ rule ELASTIC_Windows_Trojan_Modpipe_12Bc2604 : FILE MEMORY date = "2023-07-27" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_ModPipe.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_ModPipe.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_0a26de1b2fb48d65cde61b60c0eba478da73a3eeaeb785d1b2d6095eccbe34e2" score = 75 quality = 75 
@@ -61175,8 +61175,8 @@ rule ELASTIC_Macos_Trojan_Adload_4995469F : FILE MEMORY date = "2021-10-04" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Adload.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Adload.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6464ca7b36197cccf0dac00f21c43f0cb09f900006b1934e2b3667b367114de5" logic_hash = "v1_sha256_cceb804a11b93b0e3f491016c47a823d9e6a31294c3ed05d4404601323b30993" score = 75 @@ -61204,8 +61204,8 @@ rule ELASTIC_Macos_Trojan_Adload_9B9F86C7 : FILE MEMORY date = "2021-10-04" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Adload.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Adload.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "952e6004ce164ba607ac7fddc1df3d0d6cac07d271d90be02d790c52e49cb73c" logic_hash = "v1_sha256_82297db23e036f22c90eee7b2654e84df847eb1c2b1ea4dcf358c48a14819709" score = 75 
@@ -61233,8 +61233,8 @@ rule ELASTIC_Macos_Trojan_Adload_F6B18A0A : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Adload.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Adload.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "06f38bb811e6a6c38b5e2db708d4063f4aea27fcd193d57c60594f25a86488c8" logic_hash = "v1_sha256_20d43fbf0b8155940e2e181f376a7b1979ce248d88dc08409aaa1a916777231c" score = 75 @@ -61262,8 +61262,8 @@ rule ELASTIC_Linux_Trojan_Connectback_Bf194C93 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Connectback.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Connectback.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6784cb86460bddf1226f71f5f5361463cbda487f813d19cd88e8a4a1eb1a417b" logic_hash = "v1_sha256_148626e05caee4a2b2542726ea4e4dab074eeab0572a65fdbd32f5d96544daf8" score = 75 
@@ -61291,8 +61291,8 @@ rule ELASTIC_Linux_Exploit_CVE_2014_3153_1C1E02Ad : FILE MEMORY CVE_2014_3153 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2014_3153.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2014_3153.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "64b8c61b73f0c0c0bd44ea5c2bcfb7b665fcca219dbe074a4a16ae20cd565812" logic_hash = "v1_sha256_42e9de7f306343c4c3e7fd02b414b429faacb837fb2910f98f0c1519da40074c" score = 75 @@ -61320,8 +61320,8 @@ rule ELASTIC_Windows_Ransomware_Makop_3Ac2C13C : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Makop.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Makop.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "854226fc4f5388d40cd9e7312797dd63739444d69a67e4126ef60817fa6972ad" logic_hash = "v1_sha256_3fa7c506010a87ac97f415db32c21af091dff26fd912a8f9f5bb5e8d43a8da9e" score = 75 
@@ -61349,8 +61349,8 @@ rule ELASTIC_Windows_Ransomware_Makop_3E388338 : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Makop.yar#L21-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Makop.yar#L21-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "854226fc4f5388d40cd9e7312797dd63739444d69a67e4126ef60817fa6972ad" logic_hash = "v1_sha256_5a6e5fd725f3d042c0c95b42ad00c93965a49aa6bda6ec5383a239f18d74742e" score = 75 @@ -61383,8 +61383,8 @@ rule ELASTIC_Windows_Trojan_Darkgate_Fa1F1338 : FILE MEMORY date = "2023-12-14" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DarkGate.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DarkGate.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1fce9ee9254dd0641387cc3b6ea5f6a60f4753132c20ca03ce4eed2aa1042876" logic_hash = "v1_sha256_d5447a57fc57af52c263b84522346a3e94a464a698de8be77eab3b56156164f2" score = 75 
@@ -61414,8 +61414,8 @@ rule ELASTIC_Windows_Trojan_Darkgate_07Ef6F14 : FILE MEMORY date = "2023-12-14" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DarkGate.yar#L23-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DarkGate.yar#L23-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1fce9ee9254dd0641387cc3b6ea5f6a60f4753132c20ca03ce4eed2aa1042876" logic_hash = "v1_sha256_2820286b362b107fc7fc3ec8f1a004a7d7926a84318f2943f58239f1f7e8f1f0" score = 75 @@ -61444,8 +61444,8 @@ rule ELASTIC_Windows_Ransomware_Magniber_Ea0140A1 : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Magniber.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Magniber.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a2448b93d7c50801056052fb429d04bcf94a478a0a012191d60e595fed63eec4" logic_hash = "v1_sha256_e2c05e2c92444d7bcb2bf68e97f809072d2ccdc8a171214d2e7a498b20d08f90" score = 75 
@@ -61473,8 +61473,8 @@ rule ELASTIC_Windows_Ransomware_Magniber_97D7575B : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Magniber.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Magniber.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a2448b93d7c50801056052fb429d04bcf94a478a0a012191d60e595fed63eec4" logic_hash = "v1_sha256_9c85f98aaae28e9e90a94d6ce18389467013ea6b569f46f6acaf26a6c7e027fc" score = 75 @@ -61502,8 +61502,8 @@ rule ELASTIC_Macos_Infostealer_Encodedosascript_Eeb54A7E : FILE MEMORY date = "2024-08-19" modified = "2024-08-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Macos_Infostealer_EncodedOsascript.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Macos_Infostealer_EncodedOsascript.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c1693ee747e31541919f84dfa89e36ca5b74074044b181656d95d7f40af34a05" logic_hash = "v1_sha256_2f450c9afd92f52cdd8333e39e41b7334a01ddc39371c118260820a878359742" score = 75 
@@ -61533,8 +61533,8 @@ rule ELASTIC_Linux_Trojan_Xzbackdoor_74E87A9D : FILE MEMORY date = "2024-03-30" modified = "2024-04-03" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_XZBackdoor.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_XZBackdoor.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5448850cdc3a7ae41ff53b433c2adbd0ff492515012412ee63a40d2685db3049" logic_hash = "v1_sha256_c777171c36d9369ade7bf44c7cc4e5aee16bb4c803431bc480cc0f8ebb2819c0" score = 75 @@ -61566,8 +61566,8 @@ rule ELASTIC_Windows_Ransomware_Pandora_Bca8Ce23 : FILE MEMORY date = "2022-03-14" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Pandora.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Pandora.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2c940a35025dd3847f7c954a282f65e9c2312d2ada28686f9d1dc73d1c500224" logic_hash = "v1_sha256_52203c1af994667ba6833defe547e886dd02167e4d76c57711080e3be0473bfc" score = 75 
@@ -61597,8 +61597,8 @@ rule ELASTIC_Macos_Backdoor_Applejeus_31872Ae2 : FILE MEMORY date = "2021-10-18" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Backdoor_Applejeus.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Backdoor_Applejeus.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e352d6ea4da596abfdf51f617584611fc9321d5a6d1c22aff243aecdef8e7e55" logic_hash = "v1_sha256_1d6f06668a7d048a93e53b294c5ab8ffe4cd610f3bef3fd80f14425ef8a85a29" score = 75 @@ -61626,8 +61626,8 @@ rule ELASTIC_Windows_Ransomware_Haron_A1C12E7E : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Haron.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Haron.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6e6b78a1df17d6718daa857827a2a364b7627d9bfd6672406ad72b276014209c" logic_hash = "v1_sha256_84df5a13495acee5dc2007cf1d6e1828a832d46fcbad2ca8676643fd47756248" score = 75 
@@ -61656,8 +61656,8 @@ rule ELASTIC_Windows_Ransomware_Haron_23B76Cb7 : FILE MEMORY
 date = "2021-08-03"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Haron.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Haron.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6e6b78a1df17d6718daa857827a2a364b7627d9bfd6672406ad72b276014209c"
 logic_hash = "v1_sha256_e53c92be617444da0057680ee1ac45cbc1f707194281644bececa44e4ebe3580"
 score = 75
@@ -61686,8 +61686,8 @@ rule ELASTIC_Windows_Trojan_Oskistealer_A158B1E3 : FILE MEMORY
 date = "2022-03-21"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_OskiStealer.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_OskiStealer.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "568cd515c9a3bce7ef21520761b02cbfc95d8884d5b2dc38fc352af92356c694"
 logic_hash = "v1_sha256_0ddbe0b234ed60f5a3fc537cdaebf39f639ee24fd66143c9036a9f4786d4c51b"
 score = 75
@@ -61719,8 +61719,8 @@ rule ELASTIC_Linux_Exploit_Pulse_2Bea17E8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Pulse.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Pulse.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c29cb4c2d83127cf4731573a7fac531f90f27799857f5e250b9f71362108f559"
 logic_hash = "v1_sha256_bc71efa6cc79171666d89fe3e755411ee8032f56ae5bd73e0de440eee5b718ab"
 score = 75
@@ -61748,8 +61748,8 @@ rule ELASTIC_Linux_Exploit_Pulse_246E6F31 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Pulse.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Pulse.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c29cb4c2d83127cf4731573a7fac531f90f27799857f5e250b9f71362108f559"
 logic_hash = "v1_sha256_f6755f10863b78303899cefcd81f609884fbbf2dffabd9219686ed869f2cc7e3"
 score = 75
@@ -61777,8 +61777,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_6660D29F : BETA FILE MEMORY
 date = "2020-06-28"
 modified = "2021-08-23"
 reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_4c12eaa44f82c6f729e51242c9c1836eb1856959c682e2d2e21b975104c197b6"
 score = 75
 quality = 75
@@ -61807,8 +61807,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_6Ab188Da : BETA FILE MEMORY
 date = "2020-06-28"
 modified = "2021-08-23"
 reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L23-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L23-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_429c87d293b7f517a594e8be020cbe7f8302a8b6eb8337f090ca18973aafbde4"
 score = 75
 quality = 75
@@ -61836,8 +61836,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_4Fb1A155 : BETA FILE MEMORY
 date = "2020-06-28"
 modified = "2021-08-23"
 reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L44-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L44-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_eb041a836b2bc73312a2f87523d817d5274f3d43d3e5fe6aacfad1399c61a9de"
 score = 75
 quality = 75
@@ -61865,8 +61865,8 @@ rule ELASTIC_Windows_Trojan_Limerat_24269A79 : FILE MEMORY
 date = "2021-08-17"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Limerat.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Limerat.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ec781a714d6bc6fac48d59890d9ae594ffd4dbc95710f2da1f1aa3d5b87b9e01"
 logic_hash = "v1_sha256_053a6abe589db23c4b9baed24729c8bcdd9019535fd0d9efc60ab4035c9779f3"
 score = 75
@@ -61894,8 +61894,8 @@ rule ELASTIC_Linux_Trojan_Godlua_Ed8E6228 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Godlua.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Godlua.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_848ef3b198737f080f19c5fa55dfbc31356427398074f9125c65cb532c52ce7a"
 score = 75
 quality = 75
@@ -61922,8 +61922,8 @@ rule ELASTIC_Windows_Ransomware_Egregor_F24023F3 : BETA FILE MEMORY
 date = "2020-10-15"
 modified = "2021-08-23"
 reference = "https://www.bankinfosecurity.com/egregor-ransomware-adds-to-data-leak-trend-a-15110"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Egregor.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Egregor.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_5695b44f6ce018a91a99b6c94feae740ff4ac187e232bc9044e51d62d1f42bfa"
 score = 75
 quality = 75
@@ -61956,8 +61956,8 @@ rule ELASTIC_Windows_Ransomware_Egregor_4Ec2B90C : BETA FILE MEMORY
 date = "2020-10-15"
 modified = "2021-08-23"
 reference = "https://www.bankinfosecurity.com/egregor-ransomware-adds-to-data-leak-trend-a-15110"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Egregor.yar#L27-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Egregor.yar#L27-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_8342d92e1486b1289645828e5ee5f1f6f21a0e645dd7cc4eca908ed59c2f1c4c"
 score = 75
 quality = 73
@@ -61987,8 +61987,8 @@ rule ELASTIC_Windows_Trojan_Metastealer_F94E2464 : FILE MEMORY
 date = "2024-03-27"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_MetaStealer.yar#L1-L34"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_MetaStealer.yar#L1-L34"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "14ca15c0751207103c38f1a2f8fdc73e5dd3d58772f6e5641e54e0c790ecd132"
 logic_hash = "v1_sha256_bf374bda2ca7c7bcec1ff092bbc9c3fd95c33faa78a6ea105a7b12b8e80a2e23"
 score = 75
@@ -62031,8 +62031,8 @@ rule ELASTIC_Windows_Trojan_Metastealer_A07E395C : FILE MEMORY
 date = "2024-10-23"
 modified = "2024-10-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_MetaStealer.yar#L36-L56"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_MetaStealer.yar#L36-L56"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "973a9056040af402d6f92f436a287ea164fae09c263f80aba0b8d5366ed9957a"
 logic_hash = "v1_sha256_2464cf1dc5747c93598354329371ea6111c3cbf34a6db83076c9465b867a0e47"
 score = 75
@@ -62062,8 +62062,8 @@ rule ELASTIC_Macos_Infostealer_Mdquerysecret_5535Ab96 : FILE MEMORY
 date = "2023-04-11"
 modified = "2024-08-19"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Infostealer_MdQuerySecret.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Infostealer_MdQuerySecret.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_c755e617b9dd41505bb225ea836ecdde8f3f6f9ab7ae79697e6d85190e206c41"
 score = 75
 quality = 71
@@ -62091,8 +62091,8 @@ rule ELASTIC_Windows_Generic_Threat_Bc6Ae28D : FILE MEMORY
 date = "2023-12-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ce00873eb423c0259c18157a07bf7fd9b07333e528a5b9d48be79194310c9d97"
 logic_hash = "v1_sha256_0ca5ec945858a5238eac048520dea4597f706ad2c96be322d341c84c4ddbce33"
 score = 75
@@ -62120,8 +62120,8 @@ rule ELASTIC_Windows_Generic_Threat_Ce98C4Bc : FILE MEMORY
 date = "2023-12-17"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L21-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L21-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "950e8a29f516ef3cf1a81501e97fbbbedb289ad9fb93352edb563f749378da35"
 logic_hash = "v1_sha256_74914f41c03cb2dcb1dc3175cc76574a0d40b66a1a3854af8f50c9858704b66b"
 score = 75
@@ -62150,8 +62150,8 @@ rule ELASTIC_Windows_Generic_Threat_0Cc1481E : FILE MEMORY
 date = "2023-12-17"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L42-L60"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L42-L60"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6ec7781e472a6827c1406a53ed4699407659bd57c33dd4ab51cabfe8ece6f23f"
 logic_hash = "v1_sha256_1a094cf337cb85aa4b7d1d2025571ab0661a7be1fd03d53d8c7370a90385f38c"
 score = 75
@@ -62179,8 +62179,8 @@ rule ELASTIC_Windows_Generic_Threat_2507C37C : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L62-L80"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L62-L80"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "04296258f054a958f0fd013b3c6a3435280b28e9a27541463e6fc9afe30363cc"
 logic_hash = "v1_sha256_8c5ea1290260993ea5140baa4645f3fd0ebb4d43fce0e9a25f8e8948e683aec1"
 score = 75
@@ -62208,8 +62208,8 @@ rule ELASTIC_Windows_Generic_Threat_E052D248 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L82-L100"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L82-L100"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ed2bbc0d120665044aacb089d8c99d7c946b54d1b08a078aebbb3b91f593da6e"
 logic_hash = "v1_sha256_1a16ce6d1c6707560425156e625ad19a82315564b3f03adafbcc3e65b0e98a6d"
 score = 75
@@ -62237,8 +62237,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bb7Fbe3 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L102-L120"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L102-L120"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "65cc8704c0e431589d196eadb0ac8a19151631c8d4ab7375d7cb18f7b763ba7b"
 logic_hash = "v1_sha256_36e1ab766e09e8d06b9179f67a1cb842ba257f140610964a941fb462ed3e803c"
 score = 75
@@ -62266,8 +62266,8 @@ rule ELASTIC_Windows_Generic_Threat_994F2330 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L122-L140"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L122-L140"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0a30cb09c480a2659b6f989ac9fe1bfba1802ae3aad98fa5db7cdd146fee3916"
 logic_hash = "v1_sha256_ace99deae7f5faa22f273ec4fe45ef07f03acd1ae4d9c0f18687ef6cf5b560c2"
 score = 75
@@ -62295,8 +62295,8 @@ rule ELASTIC_Windows_Generic_Threat_Bf7Aae24 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L142-L160"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L142-L160"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6dfc63894f15fc137e27516f2d2a56514c51f25b41b00583123142cf50645e4e"
 logic_hash = "v1_sha256_b6dfa6f4c46bddd643f2f89f6275404c19fd4ed1bbae561029fffa884e99e167"
 score = 75
@@ -62324,8 +62324,8 @@ rule ELASTIC_Windows_Generic_Threat_D542E5A5 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L162-L180"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L162-L180"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3fc4ae7115e0bfa3fc6b75dcff867e7bf9ade9c7f558f31916359d37d001901b"
 logic_hash = "v1_sha256_3c16c02d4fc6e019f0ab0ff4daad61f59275afd8fb3ee263b1b59876233a686e"
 score = 75
@@ -62353,8 +62353,8 @@ rule ELASTIC_Windows_Generic_Threat_8D10790B : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L182-L200"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L182-L200"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "911535923a5451c10239e20e7130d371e8ee37172e0f14fc8cf224d41f7f4c0f"
 logic_hash = "v1_sha256_84c017abbce1c8702efbe8657e5a857ae222721b0db2260dc814652f4528df26"
 score = 75
@@ -62382,8 +62382,8 @@ rule ELASTIC_Windows_Generic_Threat_347F9F54 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L202-L220"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L202-L220"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "45a051651ce1edddd33ecef09bb0fbb978adec9044e64f786b13ed81cabf6a3f"
 logic_hash = "v1_sha256_63df388393a45ffec68ba01ae6d7707b6d5277e0162ded6e631c1f76ad76b711"
 score = 75
@@ -62411,8 +62411,8 @@ rule ELASTIC_Windows_Generic_Threat_20469956 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L222-L240"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L222-L240"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a1f2923f68f5963499a64bfd0affe0a729f5e7bd6bcccfb9bed1d62831a93c47"
 logic_hash = "v1_sha256_da351bec0039a32bb9de1d8623ab3dc26eb752d30a64e613de96f70e1b1c2463"
 score = 75
@@ -62440,8 +62440,8 @@ rule ELASTIC_Windows_Generic_Threat_742E8A70 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L242-L260"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L242-L260"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "94f7678be47651aa457256375f3e4d362ae681a9524388c97dc9ed34ba881090"
 logic_hash = "v1_sha256_2925eb8da80ef791b5cf7800a9bf9462203ab6aa743bc69f4fd2343e97eaab7c"
 score = 75
@@ -62469,8 +62469,8 @@ rule ELASTIC_Windows_Generic_Threat_79174B5C : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L262-L280"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L262-L280"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c15118230059e85e7a6b65fe1c0ceee8997a3d4e9f1966c8340017a41e0c254c"
 logic_hash = "v1_sha256_06a2f0613719f1273a6b3f62f248c22b1cab2fe6054904619e3720f3f6c55e2e"
 score = 75
@@ -62498,8 +62498,8 @@ rule ELASTIC_Windows_Generic_Threat_232B71A9 : FILE MEMORY
 date = "2023-12-20"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L282-L300"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L282-L300"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1e8b34da2d675af96b34041d4e493e34139fc8779f806dbcf62a6c9c4d9980fe"
 logic_hash = "v1_sha256_c3bef1509c0d0172dbbc7e0e2b5c69e5ec47dc22365d98a914002b53b0f7d918"
 score = 75
@@ -62527,8 +62527,8 @@ rule ELASTIC_Windows_Generic_Threat_D331D190 : FILE MEMORY
 date = "2023-12-20"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L302-L320"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L302-L320"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6d869d320d977f83aa3f0e7719967c7e54c1bdae9ae3729668d755ee3397a96f"
 logic_hash = "v1_sha256_901601c892d709fa596c44df1fbe7772a9f20576c71666570713bf96727a809b"
 score = 75
@@ -62556,8 +62556,8 @@ rule ELASTIC_Windows_Generic_Threat_24191082 : FILE MEMORY
 date = "2023-12-20"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L322-L340"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L322-L340"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4d20878c16d2b401e76d8e7c288cf8ef5aa3c8d4865f440ee6b44d9f3d0cbf33"
 logic_hash = "v1_sha256_a5ea76032a9c189f923d91cd03deb44bd61868e5ad6081afe63249156cbd8927"
 score = 75
@@ -62585,8 +62585,8 @@ rule ELASTIC_Windows_Generic_Threat_Efdb9E81 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L342-L361"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L342-L361"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1c3302b14324c9f4e07829f41cd767ec654db18ff330933c6544c46bd19e89dd"
 logic_hash = "v1_sha256_eae78b07f6c31e3a30ae041a27c67553bb8ea915bc7724583d78832475021955"
 score = 75
@@ -62615,8 +62615,8 @@ rule ELASTIC_Windows_Generic_Threat_34622A35 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L363-L381"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L363-L381"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c021c6adca0ddf38563a13066a652e4d97726175983854674b8dae2f6e59c83f"
 logic_hash = "v1_sha256_2b49bd5d3a18307a46f44d9dfeea858ddaa6084f86f96b83b874cee7603e1c11"
 score = 75
@@ -62644,8 +62644,8 @@ rule ELASTIC_Windows_Generic_Threat_0Ff403Df : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L383-L401"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L383-L401"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b3119dc4cea05bef51d1f373b87d69bcff514f6575d4c92da4b1c557f8d8db8f"
 logic_hash = "v1_sha256_38bdd9b6f61ab4bb13abc7af94e92151928df95ade061756611218104e7245fd"
 score = 75
@@ -62673,8 +62673,8 @@ rule ELASTIC_Windows_Generic_Threat_B1F6F662 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L403-L423"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L403-L423"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1b7eaef3cf1bb8021a00df092c829932cccac333990db1c5dac6558a5d906400"
 logic_hash = "v1_sha256_e52ff1eaee00334e1a07367bf88f3907bb0b13035717683d9d98371b92bc45c0"
 score = 75
@@ -62704,8 +62704,8 @@ rule ELASTIC_Windows_Generic_Threat_2C80562D : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L425-L445"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L425-L445"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ee8decf1e8e5a927e3a6c10e88093bb4b7708c3fd542d98d43f1a882c6b0198e"
 logic_hash = "v1_sha256_07487ae646ac81b94f940c8d3493dbee023bce687297465fe09375f40dff0fb2"
 score = 75
@@ -62735,8 +62735,8 @@ rule ELASTIC_Windows_Generic_Threat_E96F9E97 : FILE MEMORY date = "2024-01-01" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L447-L465" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L447-L465" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bfbab69e9fc517bc46ae88afd0603a498a4c77409e83466d05db2797234ea7fc" logic_hash = "v1_sha256_1dcf81b8982425ff74107b899e85e2432f0464554e923f85a7555cda65293b54" score = 75 @@ -62764,8 +62764,8 @@ rule ELASTIC_Windows_Generic_Threat_005Fd471 : FILE MEMORY date = "2024-01-01" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L467-L487" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L467-L487" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "502814ed565a923da15626d46fde8cc7fd422790e32b3cad973ed8ec8602b228" logic_hash = "v1_sha256_10493253a6b2ce3141ee980e0607bdbba72580bb4a076f2f4636e9665ffc6db8" score = 75 
@@ -62795,8 +62795,8 @@ rule ELASTIC_Windows_Generic_Threat_54B0Ec47 : FILE MEMORY date = "2024-01-03" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L489-L508" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L489-L508" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9c14203069ff6003e7f408bed71e75394de7a6c1451266c59c5639360bf5718c" logic_hash = "v1_sha256_e3d74162a8874fe05042fec98d25b8db50e7f537566fd9f4e40f92bfe868259a" score = 75 @@ -62825,8 +62825,8 @@ rule ELASTIC_Windows_Generic_Threat_Acf6222B : FILE MEMORY date = "2024-01-03" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L510-L528" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L510-L528" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ce0def96be08193ab96817ce1279e8406746a76cfcf4bf44e394920d7acbcaa6" logic_hash = "v1_sha256_a284b6c163dbc022bd36f19fbc1d7ff70143bee566328ad23e7b8b79abd39e91" score = 75 
@@ -62854,8 +62854,8 @@ rule ELASTIC_Windows_Generic_Threat_5E718A0C : FILE MEMORY date = "2024-01-03" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L530-L548" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L530-L548" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "430b9369b779208bd3976bd2adc3e63d3f71e5edfea30490e6e93040c1b3bac6" logic_hash = "v1_sha256_45068afeda7abae0fe922a21f8f768b6c74a6e0f8e9e8b1f68c3ddf92940bf9a" score = 75 @@ -62883,8 +62883,8 @@ rule ELASTIC_Windows_Generic_Threat_Fac6D993 : FILE MEMORY date = "2024-01-03" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L550-L568" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L550-L568" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e7c88e72cf0c1f4cbee588972fc1434065f7cc9bd95d52379bade1b8520278" logic_hash = "v1_sha256_3486793324dbe43c908432e1956bbbdb870beb4641da46b3786581fd3e78811a" score = 75 
@@ -62912,8 +62912,8 @@ rule ELASTIC_Windows_Generic_Threat_E7Eaa4Ca : FILE MEMORY date = "2024-01-04" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L570-L587" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L570-L587" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_600da0c88dc0606e05f60ecd3b9a90469eef8ac7a702ef800c833f7fd17eb13e" score = 75 quality = 75 @@ -62940,8 +62940,8 @@ rule ELASTIC_Windows_Generic_Threat_97703189 : FILE MEMORY date = "2024-01-04" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L589-L607" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L589-L607" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "968ba3112c54f3437b9abb6137f633d919d75137d790af074df40a346891cfb5" logic_hash = "v1_sha256_318bc82d49e9a3467ec0e0086aaf1092d2aa7c589b5f16ce6fbb3778eda7ef0b" score = 75 
@@ -62969,8 +62969,8 @@ rule ELASTIC_Windows_Generic_Threat_Ca0686E1 : FILE MEMORY date = "2024-01-05" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L609-L627" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L609-L627" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "15c7ce1bc55549efc86dea74a90f42fb4665fe15b14f760037897c772159a5b5" logic_hash = "v1_sha256_12b2ff66d1be6e2d27f24489b389b5c84660921e8de41653b2b425077cc87669" score = 75 @@ -62998,8 +62998,8 @@ rule ELASTIC_Windows_Generic_Threat_97C1A260 : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L629-L647" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L629-L647" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2cc85ebb1ef07948b1ddf1a793809b76ee61d78c07b8bf6e702c9b17346a20f1" logic_hash = "v1_sha256_5bd84cbdd4ba699c9e9d87e684071342b23138538bd83ffea8c524fcee26a59b" score = 75 
@@ -63027,8 +63027,8 @@ rule ELASTIC_Windows_Generic_Threat_A440F624 : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L649-L668" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L649-L668" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3564fec3d47dfafc7e9c662654865aed74aedeac7371af8a77e573ea92cbd072" logic_hash = "v1_sha256_23c759a0db5698b28a69232077a6b714f71e8eaa069d2f02a7d3efc48b178a2b" score = 75 @@ -63057,8 +63057,8 @@ rule ELASTIC_Windows_Generic_Threat_B577C086 : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L670-L688" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L670-L688" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "27dd61d4d9997738e63e813f8b8ea9d5cf1291eb02d20d1a2ad75ac8aa99459c" logic_hash = "v1_sha256_a7684340171415ee01e855706192cdffcccd6c82362707229b2c1d096f87dfa8" score = 75 
@@ -63086,8 +63086,8 @@ rule ELASTIC_Windows_Generic_Threat_62E1F5Fc : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L690-L710" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L690-L710" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4a692e244a389af0339de8c2d429b541d6d763afb0a2b1bb20bee879330f2f42" logic_hash = "v1_sha256_76e21746ee396f13073b3db1e876246f01cef547d312691dff3dc895ea3a2b82" score = 75 @@ -63117,8 +63117,8 @@ rule ELASTIC_Windows_Generic_Threat_55D6A1Ab : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L712-L731" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L712-L731" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1ca6ed610479b5aaaf193a2afed8f2ca1e32c0c5550a195d88f689caab60c6fb" logic_hash = "v1_sha256_4f3a0b2e45ae4e6a00f137798b700a0925fa6eb19ea6b871d7eeb565548888ba" score = 75 
@@ -63147,8 +63147,8 @@ rule ELASTIC_Windows_Generic_Threat_F7D3Cdfd : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L733-L751" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L733-L751" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f9df83d0b0e06884cdb4a02cd2091ee1fadeabb2ea16ca34cbfef4129ede251f" logic_hash = "v1_sha256_23e1008f222eb94a4bd34372834924377e813dc76efa8544b0dcbe7d3e3addde" score = 75 @@ -63176,8 +63176,8 @@ rule ELASTIC_Windows_Generic_Threat_0350Ed31 : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L753-L771" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L753-L771" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "008f9352765d1b3360726363e3e179b527a566bc59acecea06bd16eb16b66c5d" logic_hash = "v1_sha256_149dd26466f47b2e7f514bdcc9822470334490da2898840f35fe6b537ce104f6" score = 75 
@@ -63205,8 +63205,8 @@ rule ELASTIC_Windows_Generic_Threat_A1Cef0Cd : FILE MEMORY date = "2024-01-08" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L773-L791" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L773-L791" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "71f519c6bd598e17e1298d247a4ad37b78685ca6fd423d560d397d34d16b7db8" logic_hash = "v1_sha256_2772906e3a8a088e7c6ea1370af5e5bbe2cbae4f49de9b939524e317be8ddde4" score = 75 @@ -63234,8 +63234,8 @@ rule ELASTIC_Windows_Generic_Threat_E5F4703F : FILE MEMORY date = "2024-01-09" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L793-L811" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L793-L811" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "362bda1fad3fefce7d173617909d3c1a0a8e234e22caf3215ee7c6cef6b2743b" logic_hash = "v1_sha256_f81476d5e5a9bcb42b32d6ec3d4b620165f2878c50691ecf59ef6f34b6ad9d1b" score = 75 
@@ -63263,8 +63263,8 @@ rule ELASTIC_Windows_Generic_Threat_8B790Aba : FILE MEMORY date = "2024-01-09" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L813-L832" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L813-L832" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ec98bfff01d384bdff6bbbc5e17620b31fa57c662516157fd476ef587b8d239e" logic_hash = "v1_sha256_8a0b2af3d0c95466ca138dfcc3d6f6a702ec92f5cd4f791b1200c79ffd973840" score = 75 @@ -63293,8 +63293,8 @@ rule ELASTIC_Windows_Generic_Threat_76A7579F : FILE MEMORY date = "2024-01-09" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L834-L852" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L834-L852" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "76c73934bcff7e4ee08b068d1e02b8f5c22161262d127de2b4ac2e81d09d84f6" logic_hash = "v1_sha256_08ed2d318e7154195911aaf3705626307b48a54aa195eaa054ec53766d3e198d" score = 75 
@@ -63322,8 +63322,8 @@ rule ELASTIC_Windows_Generic_Threat_3F060B9C : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L854-L872" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L854-L872" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "32e7a40b13ddbf9fc73bd12c234336b1ae11e2f39476de99ebacd7bbfd22fba0" logic_hash = "v1_sha256_193583f63f22452f96c8372fdc9ef04e2a684f847564a7fe75145ea30d426901" score = 75 @@ -63351,8 +63351,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbae6542 : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L874-L892" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L874-L892" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c73f533f96ed894b9ff717da195083a594673e218ee9a269e360353b9c9a0283" logic_hash = "v1_sha256_673c6b4e6aaa127d45b21d0283437000fbc507a84ecd7a326448869d63759aee" score = 75 
@@ -63380,8 +63380,8 @@ rule ELASTIC_Windows_Generic_Threat_808F680E : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L894-L912" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L894-L912" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "df6955522532e365239b94e9d834ff5eeeb354eec3e3672c48be88725849ac1c" logic_hash = "v1_sha256_22d91a87c01b401d4a203fbabb93a9b45fd6d8819125c56d9c427449b06d2f84" score = 75 @@ -63409,8 +63409,8 @@ rule ELASTIC_Windows_Generic_Threat_073909Cf : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L914-L932" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L914-L932" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "89a6dc518c119b39252889632bd18d9dfdae687f7621310fb14b684d2f85dad8" logic_hash = "v1_sha256_5b42a74010549c884ff85a67b9add6b82a8109a953473cc1439581976f8f545e" score = 75 
@@ -63438,8 +63438,8 @@ rule ELASTIC_Windows_Generic_Threat_820Fe9C9 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L934-L952" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L934-L952" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1102a499b8a863bdbfd978a1d17270990e6b7fe60ce54b9dd17492234aad2f8c" logic_hash = "v1_sha256_81a1359bd5781e1eefb6ae06c6b2ad9e94cc6318c1f81f84c06f0b236b6e84d1" score = 75 @@ -63467,8 +63467,8 @@ rule ELASTIC_Windows_Generic_Threat_89Efd1B4 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L954-L972" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L954-L972" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "937c8bc3c89bb9c05b2cb859c4bf0f47020917a309bbadca36236434c8cdc8b9" logic_hash = "v1_sha256_49a7875fd9c31c5c9b593aed75a28fadb586294422b75c7a8eeba2e8ff254753" score = 75 
@@ -63496,8 +63496,8 @@ rule ELASTIC_Windows_Generic_Threat_61315534 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L974-L992" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L974-L992" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "819447ca71080f083b1061ed6e333bd9ef816abd5b0dd0b5e6a58511ab1ce8b9" logic_hash = "v1_sha256_0fdfe3bb6ebdaac4324a45dac8680f00684d0030419f26f3f72ed002bf5a2a34" score = 75 @@ -63525,8 +63525,8 @@ rule ELASTIC_Windows_Generic_Threat_Eab96Cf2 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L994-L1012" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L994-L1012" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2be8a2c524f1fb2acb2af92bc56eb9377c4e16923a06f5ac2373811041ea7982" logic_hash = "v1_sha256_cc1dfc2c9c5e1fbc6282342dfbf3a6c834fa56fb6fc46569a24fa78535c5845f" score = 75 
@@ -63554,8 +63554,8 @@ rule ELASTIC_Windows_Generic_Threat_11A56097 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1014-L1033" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1014-L1033" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "98d538c8f074d831b7a91e549e78f6549db5d2c53a10dbe82209d15d1c2e9b56" logic_hash = "v1_sha256_42f955c079752c787ac70682bc41fa31f3196d30051d7032276a0d4279d59d58" score = 75 @@ -63584,8 +63584,8 @@ rule ELASTIC_Windows_Generic_Threat_F3Bef434 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1035-L1053" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1035-L1053" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "98d538c8f074d831b7a91e549e78f6549db5d2c53a10dbe82209d15d1c2e9b56" logic_hash = "v1_sha256_efba0e1fbe6562a9aeaac23b851c31350e4ac6551e505be4986bddade92ca303" score = 75 
@@ -63613,8 +63613,8 @@ rule ELASTIC_Windows_Generic_Threat_C6F131C5 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1055-L1073" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1055-L1073" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "247314baaaa993b8db9de7ef0e2998030f13b99d6fd0e17ffd59e31a8d17747a" logic_hash = "v1_sha256_5702a77fee0cd564916abdbfedf76d069bb7a5b6de0c4623150991d52dc02e42" score = 75 @@ -63642,8 +63642,8 @@ rule ELASTIC_Windows_Generic_Threat_B2A054F8 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1075-L1095" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1075-L1095" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "63d2478a5db820731a48a7ad5a20d7a4deca35c6b865a17de86248bef7a64da7" logic_hash = "v1_sha256_f64b1666f78646322a4c37dc887d8fcfdb275b0bca812e360579cefd9e323c02" score = 75 
@@ -63673,8 +63673,8 @@ rule ELASTIC_Windows_Generic_Threat_Fcab7E76 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1097-L1115" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1097-L1115" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "67d7e016e401bd5d435eecaa9e8ead341aed2f373a1179069f53b64bda3f1f56" logic_hash = "v1_sha256_90f50d1227b8e462eaa393690dc2b25601444bf80f2108445a0413bff6bedae8" score = 75 @@ -63702,8 +63702,8 @@ rule ELASTIC_Windows_Generic_Threat_90E4F085 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1117-L1137" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1117-L1137" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1a6a290d98f5957d00756fc55187c78030de7031544a981fd2bb4cfeae732168" logic_hash = "v1_sha256_2afeae6de965ae155914dcedbfe375327a9fca3b42733c23360dd4fddfcc8a3d" score = 75 
@@ -63733,8 +63733,8 @@ rule ELASTIC_Windows_Generic_Threat_04A9C177 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1139-L1157" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1139-L1157" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0cccdde4dcc8916fb6399c181722eb0da2775d86146ce3cb3fc7f8cf6cd67c29" logic_hash = "v1_sha256_ca7cf71228b1e13ec05c62cd9924ea5089fdf903d8ea4a5151866996ea81e01e" score = 75 @@ -63762,8 +63762,8 @@ rule ELASTIC_Windows_Generic_Threat_45D1E986 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1159-L1177" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1159-L1177" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fd159cf2f9bd48b0f6f5958eef8af8feede2bcbbea035a7e56ce1ff72d3f47eb" logic_hash = "v1_sha256_d53a4d189b9a49f9b6477e12bce0d41e62827306d1df79e6494ab67669d84f35" score = 75 
@@ -63791,8 +63791,8 @@ rule ELASTIC_Windows_Generic_Threat_83C38E63 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1179-L1198" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1179-L1198" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2121a0e5debcfeedf200d7473030062bc9f5fbd5edfdcd464dfedde272ff1ae7" logic_hash = "v1_sha256_89d4036290a29b372918205bba85698d6343109503766cbb13999b5177fc3152" score = 75 @@ -63821,8 +63821,8 @@ rule ELASTIC_Windows_Generic_Threat_Bd24Be68 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1200-L1218" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1200-L1218" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fd159cf2f9bd48b0f6f5958eef8af8feede2bcbbea035a7e56ce1ff72d3f47eb" logic_hash = "v1_sha256_8536593696930d03f1e62586886f0df5438d13fb796b4605df7ad67d9633d5f9" score = 75 
@@ -63850,8 +63850,8 @@ rule ELASTIC_Windows_Generic_Threat_A0C7B402 : FILE MEMORY date = "2024-01-16" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1220-L1238" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1220-L1238" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5814d7712304800d92487b8e1108d20ad7b44f48910b1fb0a99e9b36baa4333a" logic_hash = "v1_sha256_d0aa75debbefb301b9fc46ceca4944ae8c4b009118214a9589440b59089b853e" score = 75 @@ -63879,8 +63879,8 @@ rule ELASTIC_Windows_Generic_Threat_42B3E0D7 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1240-L1258" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1240-L1258" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "99ad416b155970fda383a63fe61de2e4d0254e9c9e09564e17938e8e2b49b5b7" logic_hash = "v1_sha256_58b4c667b6d796f4525afeb706394f593d03393e3a48e2a0b7664f121e6a78fe" score = 75 
@@ -63908,8 +63908,8 @@ rule ELASTIC_Windows_Generic_Threat_66142106 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1260-L1278" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1260-L1278" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cd164a65fb2a496ad7b54c782f25fbfca0540d46d2c0d6b098d7be516c4ce021" logic_hash = "v1_sha256_bf5d8db3ed6d2abc3158b04e904351250bf17a6d766e31769b3c5a6e534165b0" score = 75 @@ -63937,8 +63937,8 @@ rule ELASTIC_Windows_Generic_Threat_51A1D82B : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1280-L1298" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1280-L1298" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1a7adde856991fa25fac79048461102fba58cda9492d4f5203b817d767a81018" logic_hash = "v1_sha256_2d6b0560e1980deb6aad8e0902d065eeda406506b70bb8bb27c7fa58be9842f8" score = 75 
@@ -63966,8 +63966,8 @@ rule ELASTIC_Windows_Generic_Threat_Dee3B4Bf : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1300-L1318" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1300-L1318" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c7f4b63fa5c7386d6444c0d0428a8fe328446efcef5fda93821f05e86efd2fba" logic_hash = "v1_sha256_cfd7f9250ab44ffe12b62f84ae753032642d9aa2524d88a6d4d989a2afa043a3" score = 75 @@ -63995,8 +63995,8 @@ rule ELASTIC_Windows_Generic_Threat_Fdbcd3F2 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1320-L1338" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1320-L1338" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9258e4fe077be21ad7ae348868f1ac6226f6e9d404c664025006ab4b64222369" logic_hash = "v1_sha256_ca9136ca44a61795cca44ac9bb0494fdc34c08d6578603ba3be3582956f4a98f" score = 75 
@@ -64024,8 +64024,8 @@ rule ELASTIC_Windows_Generic_Threat_B7852Ccf : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1340-L1360" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1340-L1360" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5ac70fa959be4ee37c0c56f0dd04061a5fed78fcbde21b8449fc93e44a8c133a" logic_hash = "v1_sha256_4d5c29cceaacfda0c41bcd13cf95e90397b1b6c0c6beeb19b9184f435c8669b9" score = 75 @@ -64055,8 +64055,8 @@ rule ELASTIC_Windows_Generic_Threat_C3C8F21A : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1362-L1380" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1362-L1380" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9a102873dd37d08f53dcf6b5dad2555598a954d18fb3090bbf842655c5fded35" logic_hash = "v1_sha256_b4d2b28fb2c9d46884b0b34f7821151b88891a8d881885c704e0e192cf7fca70" score = 75 
@@ -64084,8 +64084,8 @@ rule ELASTIC_Windows_Generic_Threat_A3D51E0C : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1382-L1400" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1382-L1400" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "18bd25df1025cd04b0642e507b0170bc1a2afba71b2dc4bd5e83cc487860db0d" logic_hash = "v1_sha256_f128f6a037abb4af2c11605b182852146780be6451b3062a2914bedb5c286843" score = 75 @@ -64113,8 +64113,8 @@ rule ELASTIC_Windows_Generic_Threat_54Ccad4D : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1402-L1422" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1402-L1422" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fe4aad002722d2173dd661b7b34cdb0e3d4d8cd600e4165975c48bf1b135763f" logic_hash = "v1_sha256_b9fb525be22dd2f235c3ac68688ced5298da45194ad032423689f5a085df6e31" score = 75 
@@ -64144,8 +64144,8 @@ rule ELASTIC_Windows_Generic_Threat_6Ee18020 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1424-L1442" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1424-L1442" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d58d8f5a7efcb02adac92362d8c608e6d056824641283497b2e1c1f0e2d19b0a" logic_hash = "v1_sha256_8a08973ae2ddde275e007686fc6eca831c1fb398b7221d5022da10f90da0e44d" score = 75 @@ -64173,8 +64173,8 @@ rule ELASTIC_Windows_Generic_Threat_8Eb547Db : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1444-L1462" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1444-L1462" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3fc821b63dfa653b86b11201073997fa4dc273124d050c2a7c267ac789d8a447" logic_hash = "v1_sha256_73cabad0656c6b347def017b07138fdbdd5b41da5ccf7d701fea764669058f39" score = 75 
@@ -64202,8 +64202,8 @@ rule ELASTIC_Windows_Generic_Threat_803Feff4 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1464-L1482" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1464-L1482" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8f150dfb13e4a2ff36231f873e4c0677b5db4aa235d8f0aeb41e02f7e31c1e05" logic_hash = "v1_sha256_e22b8b208ff104e2843d897c425467f2f0ec0c586c4db578da90aeaef0209e1d" score = 75 @@ -64231,8 +64231,8 @@ rule ELASTIC_Windows_Generic_Threat_9C7D2333 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1484-L1502" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1484-L1502" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "85219f1402c88ab1e69aa99fe4bed75b2ad1918f4e95c448cdc6a4b9d2f9a5d4" logic_hash = "v1_sha256_561290ebf3ca2a01914f514d63121be930e7a8c06cfc90ff4b8f0c7cef3408fe" score = 75 
@@ -64260,8 +64260,8 @@ rule ELASTIC_Windows_Generic_Threat_747B58Af : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1504-L1524" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1504-L1524" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ee28e93412c59d63155fd79bc99979a5664c48dcb3c77e121d17fa985fcb0ebe" logic_hash = "v1_sha256_fd6b36ca50c1017035474b491f716bfb0d53b181fce4b5478a57a1d1a6ddc3e7" score = 75 @@ -64291,8 +64291,8 @@ rule ELASTIC_Windows_Generic_Threat_C3C4E847 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1526-L1544" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1526-L1544" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "86b37f0b2d9d7a810b5739776b4104f1ded3a1228c4ec2d104d26d8eb26aa7ba" logic_hash = "v1_sha256_fa147abf7aa872f409e7684c4c60485fc58f57543062573526e56ff9866f8dfe" score = 75 
@@ -64320,8 +64320,8 @@ rule ELASTIC_Windows_Generic_Threat_6542Ebda : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1546-L1564" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1546-L1564" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2073e51c7db7040c6046e36585873a0addc2bcddeb6e944b46f96c607dd83595" logic_hash = "v1_sha256_30263341bf51a001503dfda9be5771d401bc5b5423682c29a6d4ebc457415d3e" score = 75 @@ -64349,8 +64349,8 @@ rule ELASTIC_Windows_Generic_Threat_1417511B : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1566-L1584" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1566-L1584" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2fc9bd91753ff3334ef7f9861dc1ae79cf5915d79fa50f7104cbb3262b7037da" logic_hash = "v1_sha256_e6b53082fa447ac3cf56784771aca742696922e6f740a24d014e04250dc5020c" score = 75 
@@ -64378,8 +64378,8 @@ rule ELASTIC_Windows_Generic_Threat_7526F106 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1586-L1605" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1586-L1605" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5a297c446c27a8d851c444b6b32a346a7f9f5b5e783564742d39e90cd583e0f0" logic_hash = "v1_sha256_a0f9eb760be05196f0c5c3e3bf250929b48341a58a11c24722978fa19c4a9f57" score = 75 @@ -64408,8 +64408,8 @@ rule ELASTIC_Windows_Generic_Threat_Cbe3313A : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1607-L1625" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1607-L1625" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1ca2a28c851070b9bfe1f7dd655f2ea10ececef49276c998a1d2a1b48f84cef3" logic_hash = "v1_sha256_41a731cefe0c8ee95f1db598b68a8860ef7ff06137ce94d0dd0b5c60c4240e85" score = 75 
@@ -64437,8 +64437,8 @@ rule ELASTIC_Windows_Generic_Threat_779Cf969 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1627-L1645" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1627-L1645" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ef281230c248442c804f1930caba48f0ae6cef110665020139f826ab99bbf274" logic_hash = "v1_sha256_ad0f2d78386abf4c6dc6b5a4a88b4dcf8e5bf8086b08bac91e5e00be9936e908" score = 75 @@ -64466,8 +64466,8 @@ rule ELASTIC_Windows_Generic_Threat_D568682A : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1647-L1665" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1647-L1665" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0d98bc52259e0625ec2f24078cf4ae3233e5be0ade8f97a80ca590a0f1418582" logic_hash = "v1_sha256_97e172502037c7a5d66327fcc4a237e5548694fc7d73a535838ad56367f15d76" score = 75 
@@ -64495,8 +64495,8 @@ rule ELASTIC_Windows_Generic_Threat_Ccb6A7A2 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1667-L1686" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1667-L1686" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "60503212db3f27a4d68bbfc94048ffede04ad37c78a19c4fe428b50f27af7a0d" logic_hash = "v1_sha256_312265bbc4330a463bbe7478c70233f5df3353bda3c450562f2414f3675ba91e" score = 75 @@ -64525,8 +64525,8 @@ rule ELASTIC_Windows_Generic_Threat_D62F1D01 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1688-L1706" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1688-L1706" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "380892397b86f47ec5e6ed1845317bf3fd9c00d01f516cedfe032c0549eef239" logic_hash = "v1_sha256_fd65eb56f3a48c37f83d3544c039d29c231cac1e2f8f07d176d709432a75a4c3" score = 75 
@@ -64554,8 +64554,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bb6F41D : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1708-L1728" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1708-L1728" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "afa060352346dda4807dffbcac75bf07e8800d87ff72971b65e9805fabef39c0" logic_hash = "v1_sha256_7c4e62b69880eb8a901d7e94b7539786e8ac58808df07cb1cbe9ff45efce518e" score = 75 @@ -64585,8 +64585,8 @@ rule ELASTIC_Windows_Generic_Threat_C54Ed0Ed : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1730-L1747" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1730-L1747" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_f0f4878cb003371522ed1419984f15fd5049f1adeb8e051b8b51b31b0d620e96" score = 75 quality = 75 
@@ -64613,8 +64613,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbe41439 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1749-L1767" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1749-L1767" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "64afd2bc6cec17402473a29b94325ae2e26989caf5a8b916dc21952149d71b00" logic_hash = "v1_sha256_288cdc285d024f2b69847e0d49bd4dc1c86a2a6a24a7b4fb248071855ba39a38" score = 75 @@ -64642,8 +64642,8 @@ rule ELASTIC_Windows_Generic_Threat_51A52B44 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1769-L1787" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1769-L1787" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "303aafcc660baa803344bed6a3a7a5b150668f88a222c28182db588fc1e744e0" logic_hash = "v1_sha256_aad1c350f43cf2e0512e085e1a04db6099c568e375423afb9518b1fb89801c21" score = 75 
@@ -64671,8 +64671,8 @@ rule ELASTIC_Windows_Generic_Threat_5C18A7F9 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1789-L1807" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1789-L1807" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fd272678098eae8f5ec8428cf25d2f1d8b65566c59e363d42c7ce9ffab90faaa" logic_hash = "v1_sha256_05cea396567ed3e23907dec4e6e3a6629cd1044d9123cde0575a04b73bae6c20" score = 75 @@ -64700,8 +64700,8 @@ rule ELASTIC_Windows_Generic_Threat_Ab01Ba9E : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1809-L1829" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1809-L1829" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2b237716d0c0c9877f54b3fa03823068728dfe0710c5b05e9808eab365a1408e" logic_hash = "v1_sha256_cc8d79950e21270938d2ea7e501c7c8fdbebe92767b48b46bb03c08c377e095b" score = 75 
@@ -64731,8 +64731,8 @@ rule ELASTIC_Windows_Generic_Threat_917D7645 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1831-L1849" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1831-L1849" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "19b54a20cfa74cbb0f4724155244b52ca854054a205be6d148f826fa008d6c55" logic_hash = "v1_sha256_65748ff2e4448f305b9541ea9864cc6bda054d37be5ed34110a2f64c8fef30c7" score = 75 @@ -64760,8 +64760,8 @@ rule ELASTIC_Windows_Generic_Threat_7A09E97D : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1851-L1869" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1851-L1869" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c0c1e333e60547a90ec9d9dac3fc6698b088769bc0f5ec25883b2c4d1fd680a9" logic_hash = "v1_sha256_b65b2d12901953c137687a7b466c78e0537a2830c37a4cb13dd0eda457bba937" score = 75 
@@ -64789,8 +64789,8 @@ rule ELASTIC_Windows_Generic_Threat_Dc4Ede3B : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1871-L1889"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1871-L1889"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c49f20c5b42c6d813e6364b1fcb68c1b63a2f7def85a3ddfc4e664c4e90f8798"
 logic_hash = "v1_sha256_c402d5f16f2be32912d7a054b51ab6dafc6173bb5a267a7846b3ac9df1c4c19f"
 score = 75
@@ -64818,8 +64818,8 @@ rule ELASTIC_Windows_Generic_Threat_Bb480769 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1891-L1909"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1891-L1909"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "010e3aeb26533d418bb7d2fdcfb5ec21b36603b6abb63511be25a37f99635bce"
 logic_hash = "v1_sha256_1087e0befceac2606ce5dc5f2b42b45ebad888e7d3e451c3fb89de7e932a31f5"
 score = 75
@@ -64847,8 +64847,8 @@ rule ELASTIC_Windows_Generic_Threat_5Fbf5680 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1911-L1929"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1911-L1929"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1b0553a9873d4cda213f5464b5e98904163e347a49282db679394f70d4571e77"
 logic_hash = "v1_sha256_ec5399f6fb29125cb4c096851b9194fa35fb1e5ddd1f4d4f07b155471ae5c619"
 score = 75
@@ -64876,8 +64876,8 @@ rule ELASTIC_Windows_Generic_Threat_Aa30A738 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1931-L1949"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1931-L1949"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "7726a691bd6c1ee51a9682e0087403a2c5a798ad172c1402acf2209c34092d18"
 logic_hash = "v1_sha256_64967fbc0e74435452752731a8b9385345cc771d27ee33cd018cccdeb26bb75e"
 score = 75
@@ -64905,8 +64905,8 @@ rule ELASTIC_Windows_Generic_Threat_9A8Dc290 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1951-L1969"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1951-L1969"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d951562a841f3706005d7696052d45397e3b4296d4cd96bf187920175fbb1676"
 logic_hash = "v1_sha256_0097a13187b953ebe97809dda2be818cfcd94991c03e75f344e34a3d2c4fe902"
 score = 75
@@ -64934,8 +64934,8 @@ rule ELASTIC_Windows_Generic_Threat_Bbf2A354 : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1971-L1989"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1971-L1989"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b4e6c748ad88070e39b53a9373946e9e404623326f710814bed439e5ea61fc3e"
 logic_hash = "v1_sha256_6be2fae41199daea6b9d0394c9af7713543333a50620ef417bb8439d5a07f336"
 score = 75
@@ -64963,8 +64963,8 @@ rule ELASTIC_Windows_Generic_Threat_Da0F3Cbb : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L1991-L2009"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L1991-L2009"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b2c456d0051ffe1ca7e9de1e944692b10ed466eabb38242ea88e663a23157c58"
 logic_hash = "v1_sha256_262d0bbb69adde8c4c8645813b048f3aaa2dbcc83996606e7ca21c3edea2b5d8"
 score = 75
@@ -64992,8 +64992,8 @@ rule ELASTIC_Windows_Generic_Threat_7D555B55 : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2011-L2029"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2011-L2029"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "7efa5c8fd55a20fbc3a270cf2329d4a38f10ca372f3428bee4c42279fbe6f9c3"
 logic_hash = "v1_sha256_dc3a3622abbc7d0a02d8d9ed4446d0a72a603ecfd6594ecfa615e5418a9c9970"
 score = 75
@@ -65021,8 +65021,8 @@ rule ELASTIC_Windows_Generic_Threat_0A38C7D0 : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2031-L2049"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2031-L2049"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "69ea7d2ea3ed6826ddcefb3c1daa63d8ab53dc6e66c59cf5c2506a8af1c62ef4"
 logic_hash = "v1_sha256_e3fde76825772683c57f830759168fc9a3b3f3387f091828fd971e9ebba06d8a"
 score = 75
@@ -65050,8 +65050,8 @@ rule ELASTIC_Windows_Generic_Threat_98527D90 : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2051-L2069"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2051-L2069"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fa24e7c6777e89928afa2a0afb2fab4db854ed3887056b5a76aef42ae38c3c82"
 logic_hash = "v1_sha256_5a93f0a372f3a51233c6b2334539017df922f35a0d5f7d1749e0dd79268cb836"
 score = 75
@@ -65079,8 +65079,8 @@ rule ELASTIC_Windows_Generic_Threat_Baba80Fb : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2071-L2089"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2071-L2089"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "dd22cb2318d66fa30702368a7f06e445fba4b69daf9c45f8e83562d2c170a073"
 logic_hash = "v1_sha256_ba0da35bc00b776ae9b427e3a4b312b1b75bdc9b972fb52f26a5df6737f1ddc9"
 score = 75
@@ -65108,8 +65108,8 @@ rule ELASTIC_Windows_Generic_Threat_9F4A80B2 : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2091-L2109"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2091-L2109"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "47d57d00e2de43f33cd56ff653adb59b804e4dbe37304a5fa6a202ee20b50c24"
 logic_hash = "v1_sha256_1df3b8245bc0e995443d598feb5fe2605e05df64b863d4f47c17ecbe8d28c3ea"
 score = 75
@@ -65137,8 +65137,8 @@ rule ELASTIC_Windows_Generic_Threat_39E1Eb4C : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2111-L2129"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2111-L2129"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a733258bf04ffa058db95c8c908a79650400ebd92600b96dd28ceecac311f94a"
 logic_hash = "v1_sha256_d7791ae7513bc5645bcfa93a2d7bf9f7ef47a6727ea2ba5eb85f3c8528761429"
 score = 75
@@ -65166,8 +65166,8 @@ rule ELASTIC_Windows_Generic_Threat_D51Dd31B : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2131-L2150"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2131-L2150"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2a61c0305d82b6b4180c3d817c28286ab8ee56de44e171522bd07a60a1d8492d"
 logic_hash = "v1_sha256_85fc7aa81489b304c348ead2d7042bb5518ff4579b1d3e837290032c4b144e47"
 score = 75
@@ -65196,8 +65196,8 @@ rule ELASTIC_Windows_Generic_Threat_3A321F0A : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2152-L2170"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2152-L2170"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "91056e8c53dc1e97c7feafab31f0943f150d89a0b0026bcfb3664d2e93ccfe2b"
 logic_hash = "v1_sha256_83834dd7d4df5de4b6a032f1896f52c1ebdf16ca8ad9766e8872243f1a6da67e"
 score = 75
@@ -65225,8 +65225,8 @@ rule ELASTIC_Windows_Generic_Threat_A82F45A8 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2172-L2190"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2172-L2190"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ad07428104d3aa7abec2fd86562eaa8600d3e4b0f8d78ba1446f340d10008b53"
 logic_hash = "v1_sha256_70ebab6b03af38ef8c81664cf49ab07066a9672666599d99c91291a9d2e3af0b"
 score = 75
@@ -65254,8 +65254,8 @@ rule ELASTIC_Windows_Generic_Threat_D6625Ad7 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2192-L2210"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2192-L2210"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "878c9745320593573597d62c8f3adb3bef0b554cd51b18216f6d9f5d1a32a931"
 logic_hash = "v1_sha256_e90aff7c35f60cc3446f9eeb2131edb7125bfa04eb8f90c5671d06e9ff269755"
 score = 75
@@ -65283,8 +65283,8 @@ rule ELASTIC_Windows_Generic_Threat_61Bbb571 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2212-L2230"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2212-L2230"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "41e2a6cecb1735e8f09b1ba5dccff3c08afe395b6214396e545347927d1815a8"
 logic_hash = "v1_sha256_6b1ec666f3689638b9db9f041b0a89660b27c32590b747c5da3f4a02f01c7112"
 score = 75
@@ -65312,8 +65312,8 @@ rule ELASTIC_Windows_Generic_Threat_4A605E93 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2232-L2250"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2232-L2250"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1a84e25505a54e8e308714b53123396df74df1bde223bb306c0dc6220c1f0bbb"
 logic_hash = "v1_sha256_6ad7afa5bd03916917e2bbf4d736331f4319b20bfde296d7e62315584813699f"
 score = 75
@@ -65341,8 +65341,8 @@ rule ELASTIC_Windows_Generic_Threat_B509Dfc8 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2252-L2270"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2252-L2270"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9b5124e5e1be30d3f2ad1020bbdb93e2ceeada4c4d36f71b2abbd728bd5292b8"
 logic_hash = "v1_sha256_90b00caf612f56a898b24c28ae6febda3fd11f382ab1deba522bdd2e2ba254b4"
 score = 75
@@ -65370,8 +65370,8 @@ rule ELASTIC_Windows_Generic_Threat_7A49053E : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2272-L2292"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2272-L2292"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "29fb2b18cfd72a2966640ff59e67c89f93f83fc17afad2dfcacf9f53e9ea3446"
 logic_hash = "v1_sha256_6db95f20a2bcdfd7cb37cb33dae6351dd19f51a8c3cae54b1bb034af17378094"
 score = 75
@@ -65401,8 +65401,8 @@ rule ELASTIC_Windows_Generic_Threat_Fca7F863 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2294-L2312"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2294-L2312"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9d0e786dd8f1dc05eae910c6bcf15b5d05b4b6b0543618ca0c2ff3c4bb657af3"
 logic_hash = "v1_sha256_ad45fe6e8257d012824b36aaee1beccb82c1b78031de86c1f1dd26d5be88aa6f"
 score = 75
@@ -65430,8 +65430,8 @@ rule ELASTIC_Windows_Generic_Threat_Cafbd6A3 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2314-L2333"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2314-L2333"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "97081a51aa016d0e6c9ecadc09ff858bf43364265a006db9d7cc133f8429bc46"
 logic_hash = "v1_sha256_28813fc8a49b6ec3fe7675409fde923f0f30851429a526c142e0a228b4e0efa6"
 score = 75
@@ -65460,8 +65460,8 @@ rule ELASTIC_Windows_Generic_Threat_D8F834A9 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2335-L2353"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2335-L2353"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c118c2064a5839ebd57a67a7be731fffe89669a8f17c1fe678432d4ff85e7929"
 logic_hash = "v1_sha256_9fa1a65f3290867e4c59f14242f7261741e792b8be48c053ac320a315f2c1beb"
 score = 75
@@ -65489,8 +65489,8 @@ rule ELASTIC_Windows_Generic_Threat_De3F91C6 : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2355-L2373"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2355-L2373"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e2cd4a8ccbf4a3a93c1387c66d94e9506b5981357004929ce5a41fcedfffb20f"
 logic_hash = "v1_sha256_032ac2adb11782d823f50bfedf4e4decb731dbe7d3abbb3b05ccff598ba7edb8"
 score = 75
@@ -65518,8 +65518,8 @@ rule ELASTIC_Windows_Generic_Threat_F0516E98 : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2375-L2394"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2375-L2394"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "21d01bd53f43aa54f22786d7776c7bc90320ec6f7a6501b168790be46ff69632"
 logic_hash = "v1_sha256_28f5b1a05d90745f432aee6bb9da3855d70b18d556153059794c5e53bbd5117c"
 score = 75
@@ -65548,8 +65548,8 @@ rule ELASTIC_Windows_Generic_Threat_3C4D9Cbe : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2396-L2414"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2396-L2414"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "21d01bd53f43aa54f22786d7776c7bc90320ec6f7a6501b168790be46ff69632"
 logic_hash = "v1_sha256_b32f9a3b86c60d4d69c59250ac59e93aee70ede890b059b13be999adbe043d2c"
 score = 75
@@ -65577,8 +65577,8 @@ rule ELASTIC_Windows_Generic_Threat_Deb82E8C : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2416-L2435"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2416-L2435"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0f5791588a9898a3db29326785d31b52b524c3097370f6aa28564473d353cd38"
 logic_hash = "v1_sha256_c24baecab39c72f6bb30713022297cb9fb41ef5339a353702f3f780a630d5b27"
 score = 75
@@ -65607,8 +65607,8 @@ rule ELASTIC_Windows_Generic_Threat_278C589E : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2437-L2455"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2437-L2455"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "cccc6c1bf15a7d5725981de950475e272c277bc3b9d266c5debf0fc698770355"
 logic_hash = "v1_sha256_59bbbecd73541750f7221b12895ccf51e1a6863ceca62e23f541df904ad23587"
 score = 75
@@ -65636,8 +65636,8 @@ rule ELASTIC_Windows_Generic_Threat_6B621667 : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2457-L2475"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2457-L2475"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b50b39e460ecd7633a42f0856359088de20512c932fc35af6531ff48c9fa638a"
 logic_hash = "v1_sha256_3574b7ef24c4387a9919ed9831af7657047b26d8922ab78788619bbd3d0edd56"
 score = 75
@@ -65665,8 +65665,8 @@ rule ELASTIC_Windows_Generic_Threat_7693D7Fd : FILE MEMORY
 date = "2024-02-13"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2477-L2495"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2477-L2495"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fc40cc5d0bd3722126302f74ace414e6934eca3a8a5c63a11feada2130b34b89"
 logic_hash = "v1_sha256_886ad084f33faf8baae8a650a88095757c2cff9e18c8f5c50ff36120b43ec082"
 score = 75
@@ -65694,8 +65694,8 @@ rule ELASTIC_Windows_Generic_Threat_Df5De012 : FILE MEMORY
 date = "2024-02-14"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2497-L2515"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2497-L2515"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "13c06d7b030a46c6bb6351f40184af9fafaf4c67b6a2627a45925dd17501d659"
 logic_hash = "v1_sha256_1a1ce3644c33a4591ab6582525366d47e07bdc2350aa6066ec5b5fedc605b037"
 score = 75
@@ -65723,8 +65723,8 @@ rule ELASTIC_Windows_Generic_Threat_0E8530F5 : FILE MEMORY
 date = "2024-02-14"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2517-L2536"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2517-L2536"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9f44d9acf79ed4450195223a9da185c0b0e8a8ea661d365a3ddea38f2732e2b8"
 logic_hash = "v1_sha256_f4a010366625c059151d3e704f6ece1808f367401729feaf6cc423cf4d5c5c60"
 score = 75
@@ -65753,8 +65753,8 @@ rule ELASTIC_Windows_Generic_Threat_Ba807E3E : FILE MEMORY
 date = "2024-02-14"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2538-L2556"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2538-L2556"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "cabd0633b37e6465ece334195ff4cc5c3f44cfe46211165efc07f4073aed1049"
 logic_hash = "v1_sha256_896eedb949eec6dff3e867ae3179b741382dd25ba06c6db452ac1ae5bc6bc757"
 score = 75
@@ -65782,8 +65782,8 @@ rule ELASTIC_Windows_Generic_Threat_4578Ee8C : FILE MEMORY date = "2024-02-14" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2558-L2576" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2558-L2576" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "699fecdb0bf27994d67492dc480f4ba1320acdd75e5881afbc5f73c982453fed" logic_hash = "v1_sha256_1a519bb84aae29057536ea09e53ff97cfe34a70c84ac6fa7d1ec173de3754f03" score = 75 @@ -65811,8 +65811,8 @@ rule ELASTIC_Windows_Generic_Threat_Ebf62328 : FILE MEMORY date = "2024-02-14" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2578-L2598" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2578-L2598" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dfce19aa2e1a3e983c3bfb2e4bbd7617b96d57602d7a6da6fee7b282e354c9e1" logic_hash = "v1_sha256_e99b56dde761c5efad14f935befa4d1dbb31cd305b5d6af05a90d44dc3cd0098" score = 75 
@@ -65842,8 +65842,8 @@ rule ELASTIC_Windows_Generic_Threat_Dcc622A4 : FILE MEMORY date = "2024-02-14" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2600-L2618" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2600-L2618" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "94a3f10396c07783586070119becf0924de9a7caf449d6e07065837d54e6222d" logic_hash = "v1_sha256_9254226918f39389ccc347de1c5064552a8500ccef1884b8e27b6e98c651f45b" score = 75 @@ -65871,8 +65871,8 @@ rule ELASTIC_Windows_Generic_Threat_046Aa1Ec : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2620-L2638" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2620-L2638" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c74cf499fb9298d43a6e64930addb1f8a8d8336c796b9bc02ffc260684ec60a2" logic_hash = "v1_sha256_da6552da3db4851806f5a0ce3c324a79acf4ee4b2690cb02cc8d8c88a2ba28f8" score = 75 
@@ -65900,8 +65900,8 @@ rule ELASTIC_Windows_Generic_Threat_85C73807 : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2640-L2658" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2640-L2658" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7f560a22c1f7511518656ac30350229f7a6847d26e1b3857e283f7dcee2604a0" logic_hash = "v1_sha256_90aa64f17b91ccdf367e1976cd1f5e89e15c7369a58b2d19187143e70939d756" score = 75 @@ -65929,8 +65929,8 @@ rule ELASTIC_Windows_Generic_Threat_642Df623 : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2660-L2678" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2660-L2678" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e5ba85d1a6a54df38b5fa655703c3457783f4a4f71e178f83d8aac878d4847da" logic_hash = "v1_sha256_555eb66f117312fa4ff3a49c0c40f89caddec3eb4b93d11bda2cce40529d46a0" score = 75 
@@ -65958,8 +65958,8 @@ rule ELASTIC_Windows_Generic_Threat_27A2994F : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2680-L2698" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2680-L2698" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e534914e06d90e119ce87f5abb446c57ec3473a29a7a9e7dc066fdc00dc68adc" logic_hash = "v1_sha256_66f34ba3052e2369528aeaf076f10d58f8f3dca420666246e02191fecb057f8c" score = 75 @@ -65987,8 +65987,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbceec58 : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2700-L2718" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2700-L2718" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fbec30528e6f261aebf0d41f3cd6d35fcc937f1e20e1070f99b1b327f02b91e0" logic_hash = "v1_sha256_2a99fb7b342b43e3a4f0136d7d618625ca5708ae32e6fcabb11420bd8c89915b" score = 75 
@@ -66016,8 +66016,8 @@ rule ELASTIC_Windows_Generic_Threat_7407Eb79 : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2720-L2738" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2720-L2738" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9ae0f053c8e2c4f4381eac8265170b79301d4a22ec1fdb86e5eb212c51a75d14" logic_hash = "v1_sha256_a60c3e54493f9dab71584ba301c41c43f30d554df8c0b05674995faaf407ee48" score = 75 @@ -66045,8 +66045,8 @@ rule ELASTIC_Windows_Generic_Threat_3613Fa12 : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2740-L2758" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2740-L2758" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1403ec99f262c964e3de133a10815e34d2f104b113b0197ab43c6b7b40b536c0" logic_hash = "v1_sha256_77b23aaf384de138214e64342e170f3dce667ee41c3063c999286da9af6fff42" score = 75 
@@ -66074,8 +66074,8 @@ rule ELASTIC_Windows_Generic_Threat_B125Fff2 : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2760-L2778" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2760-L2778" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9c641c0c8c2fd8831ee4e3b29a2a65f070b54775e64821c50b8ccd387e602097" logic_hash = "v1_sha256_054f3f36c688e1f5c3116e7a926df12df90f79dc1d42bee2616b5251f6ad2c24" score = 75 @@ -66103,8 +66103,8 @@ rule ELASTIC_Windows_Generic_Threat_D7E5Ec2D : FILE MEMORY date = "2024-02-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2780-L2798" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2780-L2798" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fe711664a565566cbc710d5e678a9a30063a2db151ebec226e2abcd24c0a7e68" logic_hash = "v1_sha256_4edb8cc1da81e0b9b3a8facc9a9a7d1e27dff0d2db7851d06a209beec3ccb463" score = 75 
@@ -66132,8 +66132,8 @@ rule ELASTIC_Windows_Generic_Threat_1636C2Bf : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2800-L2818" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2800-L2818" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6e43916db43d8217214bbe4eb32ed3d82d0ac423cffc91d053a317a3dbe6dafb" logic_hash = "v1_sha256_c8b198cd5f9277ff3808ee2a313ab979d544b9e609d6623876d2e3c3c5668e38" score = 75 @@ -66161,8 +66161,8 @@ rule ELASTIC_Windows_Generic_Threat_0A640296 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2820-L2838" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2820-L2838" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3682eff62caaf2c90adef447d3ff48a3f9c34c571046f379d2eaf121976f1d07" logic_hash = "v1_sha256_743c47c7a58e7d65261818b4b444aaf8015b9b55d3e54526b1d63a8770a6c5aa" score = 75 
@@ -66190,8 +66190,8 @@ rule ELASTIC_Windows_Generic_Threat_B1Ef4828 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2840-L2859" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2840-L2859" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "29b20ff8ebad05e4a33c925251d08824ca155f5d9fa72d6f9e359e6ec6c61279" logic_hash = "v1_sha256_d5d63f38308c6f8e5ca54567c7c8b93fcde69601fbcc28d56d5231edd28163cf" score = 75 @@ -66220,8 +66220,8 @@ rule ELASTIC_Windows_Generic_Threat_48Cbdc20 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2861-L2880" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2861-L2880" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7a7704c64e64d3a1f76fc718d5b5a5e3d46beeeb62f0493f22e50865ddf66594" logic_hash = "v1_sha256_687d0f3dc85a7e4b23019deec59ee77c211101d40ed6622a952e69ebc4151483" score = 75 
@@ -66250,8 +66250,8 @@ rule ELASTIC_Windows_Generic_Threat_420E1Cdc : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2882-L2900" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2882-L2900" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b20254e03f7f1e79fec51d614ee0cfe0cb87432f3a53cf98cf8c047c13e2d774" logic_hash = "v1_sha256_6bd8a7bd4392e04d64f2e0b93d80978f59f9af634a0c971ca61cb9cb593743e0" score = 75 @@ -66279,8 +66279,8 @@ rule ELASTIC_Windows_Generic_Threat_4C37E16E : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2902-L2921" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2902-L2921" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d83a8ed5e192b3fe9d74f3a9966fa094d23676c7e6586c9240d97c252b8e4e74" logic_hash = "v1_sha256_dabac8aa6a3f4d4bd726161fc6573ca9de4088e7d818c3cf33cafc91f680e7aa" score = 75 
@@ -66309,8 +66309,8 @@ rule ELASTIC_Windows_Generic_Threat_5Be3A474 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2923-L2941" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2923-L2941" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b902954d634307260d5bd8fb6248271f933c1cbc649aa2073bf05e79c1aedb66" logic_hash = "v1_sha256_0f0f46e3bdebb47a4f43ccb64d65ab1e15d68d38c117cb25e5723ec16e7e0758" score = 75 @@ -66338,8 +66338,8 @@ rule ELASTIC_Windows_Generic_Threat_B191061E : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2943-L2961" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2943-L2961" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bd4ef6fae7f29def8e5894bf05057653248f009422de85c1e425d04a0b2df258" logic_hash = "v1_sha256_cbee10eab984249ceb9f8a82dc06aa014d6a249321f3d4f0d1e5657aab205ec8" score = 75 
@@ -66367,8 +66367,8 @@ rule ELASTIC_Windows_Generic_Threat_05F52E4D : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2963-L2981" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2963-L2981" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e578b795f8ed77c1057d8e6b827f7426fd4881f02949bfc83bcad11fa7eb2403" logic_hash = "v1_sha256_79898b59b6d3564aad85d823a1450600faff5b1d2dbfbe0cee4cc59971e4f542" score = 75 @@ -66396,8 +66396,8 @@ rule ELASTIC_Windows_Generic_Threat_C34E19E9 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L2983-L3001" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L2983-L3001" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f9048348a59d9f824b45b16b1fdba9bfeda513aa9fbe671442f84b81679232db" logic_hash = "v1_sha256_87999b6f2cf359b6436ee7e57691ac73fc41f3947bf8fef3f6b98148e17f180d" score = 75 
@@ -66425,8 +66425,8 @@ rule ELASTIC_Windows_Generic_Threat_E691Eaa1 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3003-L3021" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3003-L3021" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "afa5f36860e69b9134b93e9ad32fed0a5923772e701437e1054ea98e76f28a77" logic_hash = "v1_sha256_0ac310e3f7cf99b77c2dcfea582752e2f1414caf43965c25d2f3f03cf27586cc" score = 75 @@ -66454,8 +66454,8 @@ rule ELASTIC_Windows_Generic_Threat_5E33Bb4B : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3023-L3041" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3023-L3041" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "13c06d7b030a46c6bb6351f40184af9fafaf4c67b6a2627a45925dd17501d659" logic_hash = "v1_sha256_7e2002c3917ccab7d9f56a7aa20ea75be71aa7fdc64b7c3f87edb68be38e74b2" score = 75 
@@ -66483,8 +66483,8 @@ rule ELASTIC_Windows_Generic_Threat_Be64Ba10 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3043-L3062" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3043-L3062" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "24bb4fc117aa57fd170e878263973a392d094c94d3a5f651fad7528d5d73b58a" logic_hash = "v1_sha256_c6acce53610baf119a0e2d55fc698a976463bbd21b739d4ac39a75383fa5fed2" score = 75 @@ -66513,8 +66513,8 @@ rule ELASTIC_Windows_Generic_Threat_7Bb75582 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3064-L3082" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3064-L3082" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "35f9698e9b9f611b3dd92466f18f97f4a8b4506ed6f10d4ac84303177f43522d" logic_hash = "v1_sha256_d959f755d28782b332248085034950a8d4cad3cde13b22254c90ca3952919e1b" score = 75 
@@ -66542,8 +66542,8 @@ rule ELASTIC_Windows_Generic_Threat_59698796 : FILE MEMORY date = "2024-03-04" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3084-L3102" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3084-L3102" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "35f9698e9b9f611b3dd92466f18f97f4a8b4506ed6f10d4ac84303177f43522d" logic_hash = "v1_sha256_59569049dbb09b7e15110fb8de1a146eb7fd606f116b4dd6c75ca973fb62296e" score = 75 @@ -66571,8 +66571,8 @@ rule ELASTIC_Windows_Generic_Threat_2Ae9B09E : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3104-L3122" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3104-L3122" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dc8f4784c368676cd411b7d618407c416d9e56d116dd3cd17c3f750e6cb60c40" logic_hash = "v1_sha256_183249214e5f8143eb91caf20778b870d17d7a52b6d71ad603827e8716e7e447" score = 75 
@@ -66600,8 +66600,8 @@ rule ELASTIC_Windows_Generic_Threat_604A8763 : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3124-L3142" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3124-L3142" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2a51fb11032ec011448184a4f2837d05638a7673d16dcf5dcf4005de3f87883a" logic_hash = "v1_sha256_cf88c0d102680fc7c16d49b6e8dc49c16b27d5940edf078e667a45e70ebe3883" score = 75 @@ -66629,8 +66629,8 @@ rule ELASTIC_Windows_Generic_Threat_F45B3F09 : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3144-L3162" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3144-L3162" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "577f1dbd76030c7e44ed28c748551691d446e268189af94e1fa1545f06395178" logic_hash = "v1_sha256_9b01ad1271cc5052a793e5a885aa7289cbaea4a928f60d64194477c3036496ed" score = 75 
@@ -66658,8 +66658,8 @@ rule ELASTIC_Windows_Generic_Threat_3F390999 : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3164-L3182" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3164-L3182" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1b6fc4eaef3515058f85551e7e5dffb68b9a0550cd7f9ebcbac158dac9ababf1" logic_hash = "v1_sha256_462a7a38ebbb39515ac2c0a10353660d0cadcfb99360adcd200edc1db5a716ba" score = 75 @@ -66687,8 +66687,8 @@ rule ELASTIC_Windows_Generic_Threat_Abd1C09D : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3184-L3202" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3184-L3202" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3ff09d2352c2163465d8c86f94baa25ba85c35698a5e3fbc52bc95afc06b7e85" logic_hash = "v1_sha256_80e6f317e5cd91cb3819e9251efc8c96218071bec577a38c8784826dd4a657cb" score = 75 
@@ -66716,8 +66716,8 @@ rule ELASTIC_Windows_Generic_Threat_B7870213 : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3204-L3222" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3204-L3222" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "04cb0d5eecea673acc575e54439398cc00e78cc54d8f43c4b9bc353e4fc4430d" logic_hash = "v1_sha256_79b8385543def42259cd9c09d4d7059ff6bb02a9e87cff1bc0a8861e3b333c5f" score = 75 @@ -66745,8 +66745,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bba6Bae : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3224-L3242" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3224-L3242" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d9955c716371422750b77d64256dade6fbd028c8d965db05c0d889d953480373" logic_hash = "v1_sha256_59e4b173c21b0ab161adf8d89f253f21403bca706b6bf40b3da00697f87dd509" score = 75 
@@ -66774,8 +66774,8 @@ rule ELASTIC_Windows_Generic_Threat_4Db75701 : FILE MEMORY date = "2024-03-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3244-L3262" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3244-L3262" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fa7847d21d5a350cf96d7ecbcf13dce63e6a0937971cfb479700c5b31850bba9" logic_hash = "v1_sha256_65f7d15ed551e069b30ce6c0a5f15d01d24b8b29727950269c9956fcf6dc799d" score = 75 @@ -66803,8 +66803,8 @@ rule ELASTIC_Windows_Generic_Threat_54A914C9 : FILE MEMORY date = "2024-03-25" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3264-L3282" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3264-L3282" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c418c5ad8030985bb5067cda61caba3b7a0d24cb8d3f93fc09d452fbdf4174ec" logic_hash = "v1_sha256_0cc3797564b4c722423f915493e07b0e0fec3085e7a535f9914f82d73c797bed" score = 75 
@@ -66832,8 +66832,8 @@ rule ELASTIC_Windows_Generic_Threat_38A88967 : FILE MEMORY date = "2024-03-25" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3284-L3302" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3284-L3302" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6e425eb1a27c4337f05d12992e33fe0047e30259380002797639d51ef9509739" logic_hash = "v1_sha256_ddbdb1c39a07141d83173504214c889aff75487570d906413ebc6f262fedf9ae" score = 75 @@ -66861,8 +66861,8 @@ rule ELASTIC_Windows_Generic_Threat_E8Abb835 : FILE MEMORY date = "2024-03-26" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3304-L3322" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3304-L3322" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e42262671325bec300afa722cefb584e477c3f2782c8d4c6402d6863df348cac" logic_hash = "v1_sha256_0ad56b8c741a79a600a0d5588c4e8760a6d19fef72ff7814a00cfb84a90f23aa" score = 75 
@@ -66890,8 +66890,8 @@ rule ELASTIC_Windows_Generic_Threat_492D7223 : FILE MEMORY date = "2024-03-26" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3324-L3342" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3324-L3342" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c0d9c9297836aceb4400bcb0877d1df90ca387f18f735de195852a909c67b7ef" logic_hash = "v1_sha256_9fb2a00def86ed8476d906514a0bc630e28093ac37d757541d8801d2c8e0efc3" score = 75 @@ -66919,8 +66919,8 @@ rule ELASTIC_Windows_Generic_Threat_Ea296356 : FILE MEMORY date = "2024-05-22" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3344-L3362" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3344-L3362" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4c48a0fe90f3da7bfdd32961da7771a0124b77e1ac1910168020babe8143e959" logic_hash = "v1_sha256_73ffd16f0047cd57311853aa9083fc21427f2eb21646c6edc7b8def86da90f90" score = 75 
@@ -66948,8 +66948,8 @@ rule ELASTIC_Windows_Generic_Threat_Aeaeb5Cf : FILE MEMORY date = "2024-05-22" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3364-L3382" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3364-L3382" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f57d955d485904f0c729acff9db1de9cb42f32af993393d58538f07fa273b431" logic_hash = "v1_sha256_640966296bad70234e0fe7b6f87b92fcf4fc111189d307d44f32e926785f76cb" score = 75 @@ -66977,8 +66977,8 @@ rule ELASTIC_Windows_Generic_Threat_C8424507 : FILE MEMORY date = "2024-05-22" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3384-L3403" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3384-L3403" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d556b02733385b823cfe4db7e562e90aa520e2e6fb00fceb76cc0a6a1ff47692" logic_hash = "v1_sha256_78d56257cb6e1d67f9343ee30b844fe20138e27ca3b6312a07112e5dbb797851" score = 75 
@@ -67007,8 +67007,8 @@ rule ELASTIC_Windows_Generic_Threat_9Af87Ddb : FILE MEMORY date = "2024-05-23" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3405-L3423" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3405-L3423" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b1fbc11744e21dc08599412887a3a966572614ce25ccd3c8c98f04bcbdda3898" logic_hash = "v1_sha256_99174c5740324d7704a5c6ae924254f9b5f241c97901dfdb771fc176a76e4a30" score = 75 @@ -67036,8 +67036,8 @@ rule ELASTIC_Windows_Generic_Threat_D7B57912 : FILE MEMORY date = "2024-05-23" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3425-L3443" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3425-L3443" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0906599be152dd598c7f540498c44cc38efe9ea976731da05137ee6520288fe4" logic_hash = "v1_sha256_a774e3030d81e29805a9784cfbbc0b69c4fedebe0daa25e403777e1f46f9094f" score = 75 
@@ -67065,8 +67065,8 @@ rule ELASTIC_Windows_Generic_Threat_23D33B48 : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3445-L3463" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3445-L3463" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "acbc22df07888498ae6f52f5458e3fb8e0682e443a8c2bc97177a0320b4e2098" logic_hash = "v1_sha256_c9fb93bb74e4d45197d0da5b641860738a42a583b15cc098e86ea79bb8690bf7" score = 75 @@ -67094,8 +67094,8 @@ rule ELASTIC_Windows_Generic_Threat_4B0B73Ce : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3465-L3483" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3465-L3483" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "236fc00cd7c75f70904239935ab90f51b03ff347798f56cec1bdd73a286b24c1" logic_hash = "v1_sha256_d53923df612dd7fe0b1b2c94c1c5d747b08723df129089326ec27c5049769cef" score = 75 
@@ -67123,8 +67123,8 @@ rule ELASTIC_Windows_Generic_Threat_1F2E969C : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3485-L3503" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3485-L3503" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7def75df729ed66511fbe91eadf15bc69a03618e78c48e27c35497db2a6a97ae" logic_hash = "v1_sha256_7d984a902f9bf40c9b49da89aba9249f80b41b24ca1cdb6189f541b40ef41742" score = 75 @@ -67152,8 +67152,8 @@ rule ELASTIC_Windows_Generic_Threat_27C975Fd : FILE MEMORY date = "2024-10-10" modified = "2024-11-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3505-L3523" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3505-L3523" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0108af363959f90919f24220caf426fba50be3d61f3735bb0f2acbbcc1f56e0c" logic_hash = "v1_sha256_f4c500331ce0857b17970206fae4f8501c6f3a65824f37b6cdde47d0a03ceb78" score = 75 
@@ -67181,8 +67181,8 @@ rule ELASTIC_Windows_Generic_Threat_D170474C : FILE MEMORY date = "2024-10-10" modified = "2024-11-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3525-L3543" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3525-L3543" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "63da7ea6d4cd240485ad5c546dd60b90cb98d6f4f18df4bc708f5ec689be952f" logic_hash = "v1_sha256_45089557acec0549acc3f5856c4eef89543ed048984474718376a73085edcb08" score = 75 @@ -67210,8 +67210,8 @@ rule ELASTIC_Windows_Generic_Threat_F57E5E2A : FILE MEMORY date = "2024-10-10" modified = "2024-11-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3545-L3563" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3545-L3563" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bff5112830cc3547c206fb1d028c592a11a3c7cd457ef445b765af86a1e76001" logic_hash = "v1_sha256_ce972e45f87792599b0800883e848221b0c2c99c9a0432659c655903f530e852" score = 75 
@@ -67239,8 +67239,8 @@ rule ELASTIC_Windows_Generic_Threat_4Fe0Deb6 : FILE MEMORY date = "2024-10-10" modified = "2024-11-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3565-L3583" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3565-L3583" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5836ef66985e851b37a369b04cce579afdb3b241d46a096bf8b1e8d4df053cd2" logic_hash = "v1_sha256_7737c264c98a0256c0a0075ab6b2e9525550e0ef60fd64a6c50cf8075639e96c" score = 75 @@ -67268,8 +67268,8 @@ rule ELASTIC_Windows_Generic_Threat_C9003B7B : FILE MEMORY date = "2024-10-10" modified = "2024-11-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3585-L3603" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3585-L3603" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ff2a1def8c4fae4166e249edab62d73f44ba3c05d5e3c9fda11399bfe1fcee6c" logic_hash = "v1_sha256_deac86398c04c462d4aa3361c911acec99d422e2ce995ba82fc3e8fe9772c33b" score = 75 
@@ -67297,8 +67297,8 @@ rule ELASTIC_Windows_Generic_Threat_21253888 : FILE MEMORY date = "2024-10-11" modified = "2024-11-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3605-L3623" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3605-L3623" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "95e523f4003a10a906ef7c68a258d402e25f235fa9f2b022faff7cae41185b9c" logic_hash = "v1_sha256_121fc74ff09ebd9f2d6eda370b6fa6b5137e0ae59cf6d6f8f18d13e1cc053e15" score = 75 @@ -67326,8 +67326,8 @@ rule ELASTIC_Windows_Generic_Threat_06Dcb833 : FILE MEMORY date = "2024-10-11" modified = "2024-11-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3625-L3643" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3625-L3643" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f7fde85aefb7123ef805c85394907ef73e0983499b49f2290a83aa2b0a2e5e9d" logic_hash = "v1_sha256_cbddf2b858278ad4a9330dac767f0a0bc7691cbf6a93ac389f48cb2286c8cbdc" score = 75 
@@ -67355,8 +67355,8 @@ rule ELASTIC_Windows_Generic_Threat_5435Fe36 : FILE MEMORY date = "2024-10-11" modified = "2024-11-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3645-L3663" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3645-L3663" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8c0e26af4f9c783844ea457c3eb7bb2bbe1bf3f860ce180bacab00456f3ae7c1" logic_hash = "v1_sha256_7295e8addf2dcd6192eab261d7a2ca817006a3962dd2e792f51154495be54298" score = 75 @@ -67384,8 +67384,8 @@ rule ELASTIC_Windows_Generic_Threat_491A8310 : FILE MEMORY date = "2024-10-11" modified = "2024-11-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3665-L3683" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3665-L3683" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "59c6846b4676378d9c80d7ced825f0463d1b333546bfcad919ee262cbf6db250" logic_hash = "v1_sha256_45b1017a7ba8d5dc321ac018613587c371380a3340f6893a046a6bdc8a1d2431" score = 75 
@@ -67413,8 +67413,8 @@ rule ELASTIC_Windows_Generic_Threat_2F726F2D : FILE MEMORY date = "2024-10-11" modified = "2024-11-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Generic_Threat.yar#L3685-L3703" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Generic_Threat.yar#L3685-L3703" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ede9bd928a216c9844f290be0de6985ed54dceaff041906dca3a3468293464b6" logic_hash = "v1_sha256_41314d0685f957a3cdfa37f8f2275ab19137da289c57069b8d3a3e40e4b802e7" score = 75 @@ -67442,8 +67442,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_52A15A93 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083" logic_hash = "v1_sha256_ceaf5b06108baa6043e31010d777099ed6ac9b4054e86d41309bd7c2b0ffda11" score = 75 
@@ -67471,8 +67471,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_D0Ad9C82 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083" logic_hash = "v1_sha256_8351cb61f5b712c65962e734a7c29271fa4805720e14b6badc9bc1c0364778f8" score = 75 @@ -67500,8 +67500,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_E2C89606 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083" logic_hash = "v1_sha256_64cb8d8ec04a53f663b216208279afba3c10f148fe99822f9a45100a4f73ed28" score = 75 
@@ -67529,8 +67529,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_82B4E3F3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L61-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L61-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_8c91f85bc807605a3233d28a5eb8b6e1cf847fb288cbc4427e86226eed7a2055" score = 75 quality = 75 @@ -67557,8 +67557,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_601352Dc : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L80-L98" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L80-L98" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5714e130075f4780e025fb3810f58a63e618659ac34d12abe211a1b6f2f80269" logic_hash = "v1_sha256_adeeea73b711fc867b88775c06a14011380118ed85691660ba771381e51160e3" score = 75 
@@ -67586,8 +67586,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_Ddca1181 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L100-L117" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L100-L117" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_076d4ac69f6bc29975b22e19d429c25ef357443ec8fcaf5165e0a8069112af74" score = 75 quality = 75 @@ -67614,8 +67614,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_65E666C0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L119-L137" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L119-L137" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "19f9b5382d3e8e604be321aefd47cb72c2337a170403613b853307c266d065dd" logic_hash = "v1_sha256_2d2bec8f89986b19bf1c806b6654405ac6523f49aeafd759b7631d9587d780c8" score = 75 
@@ -67643,8 +67643,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_494D5B0F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L139-L157" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L139-L157" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7e08df5279f4d22f1f27553946b0dadd60bb8242d522a8dceb45ab7636433c2f" logic_hash = "v1_sha256_6ddb94f9f44fe749a442592d491343a99bd870ea2d79596631d857516425e72b" score = 75 @@ -67672,8 +67672,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_Bb4F7F39 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L159-L177" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L159-L177" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083" logic_hash = "v1_sha256_33e8fcbb29cc38b4a8365845eb3a1488e13be964f7383b28a158a98fb259acb4" score = 75 
@@ -67701,8 +67701,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_8679E1Cb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L179-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L179-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_6055ac4800397f6582e60cdf15fa74584986e1e7cf49a541b0ec746445834819" score = 75 quality = 75 @@ -67729,8 +67729,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_29B86E6A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L198-L215" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L198-L215" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_dd5f44249cc4c91f39a0e7d0b236ebeed8f78d5fcb03c7ebc80ef1c738b18336" score = 75 quality = 75 
@@ -67757,8 +67757,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_E3086563 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L217-L235" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L217-L235" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083" logic_hash = "v1_sha256_5545f7ce8fa45dc56bc4bb5140ce1db527997dfaa1dd2bbb1e4a12af45300065" score = 75 @@ -67786,8 +67786,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_2F114992 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mobidash.yar#L237-L255" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mobidash.yar#L237-L255" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083" logic_hash = "v1_sha256_f93fe72e08c8ec135cccc8cdab2ecedbb694e9ad39f2572d060864bb3290e25c" score = 75 
@@ -67815,8 +67815,8 @@ rule ELASTIC_Windows_Trojan_Xtremerat_Cd5B60Be : FILE MEMORY
 date = "2022-03-15"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_XtremeRAT.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_XtremeRAT.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "735f7bf255bdc5ce8e69259c8e24164e5364aeac3ee78782b7b5275c1d793da8"
 logic_hash = "v1_sha256_a6997ae4842bd45c440925ef2a5848b57c58e2373c0971ce6b328ea297ee97b4"
 score = 75
@@ -67853,8 +67853,8 @@ rule ELASTIC_Windows_Trojan_Bughatch_21269Be4 : FILE MEMORY
 date = "2022-05-09"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/bughatch-malware-analysis"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Bughatch.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Bughatch.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b495456a2239f3ba48e43ef295d6c00066473d6a7991051e1705a48746e8051f"
 logic_hash = "v1_sha256_a8a2cae51a31e48ffe729df61ec96e3257f9c997ad5234075f85ed55de96f11d"
 score = 75
@@ -67884,8 +67884,8 @@ rule ELASTIC_Windows_Trojan_Bughatch_98F3C0Be : FILE MEMORY
 date = "2022-05-09"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/bughatch-malware-analysis"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Bughatch.yar#L24-L51"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Bughatch.yar#L24-L51"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b495456a2239f3ba48e43ef295d6c00066473d6a7991051e1705a48746e8051f"
 logic_hash = "v1_sha256_d578515fece7bd464bb09cc5ddb5caf70f4022e8b10388db689e67e662d57f66"
 score = 75
@@ -67921,8 +67921,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_C2907D77 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Cleanlog.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Cleanlog.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "613ac236130ab1654f051d6f0661fa62414f3bef036ea4cc585b4b21a4bb9d2b"
 logic_hash = "v1_sha256_39b72973bbcddf14604b8ea08339657cba317c23fd4d69d4aa0903b262397988"
 score = 75
@@ -67950,8 +67950,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_3Eb725D1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Cleanlog.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Cleanlog.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4df4ebcc61ab2cdb8e5112eeb4e2f29e4e841048de43d7426b1ec11afe175bf6"
 logic_hash = "v1_sha256_a9530aca53d935f3e77a5f0fc332db16e3a2832be67c067e5a6d18e7ec00e39f"
 score = 75
@@ -67979,8 +67979,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_400B7595 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Cleanlog.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Cleanlog.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4df4ebcc61ab2cdb8e5112eeb4e2f29e4e841048de43d7426b1ec11afe175bf6"
 logic_hash = "v1_sha256_e36acf708875efda88143124e11fef5b0e2f99d17b0c49344db969cf0d454db1"
 score = 75
@@ -68008,8 +68008,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_E4874Cd4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ddostf.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ddostf.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2"
 logic_hash = "v1_sha256_1523fe8f7bbbc7e42f8c2efe5b28dd381007846a1ba7078a6f1a30aedace884b"
 score = 75
@@ -68037,8 +68037,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_32C35334 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ddostf.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ddostf.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_d62d450d48756c09f8788b27301de889c864e597924a0526a325fa602f91f376"
 score = 75
 quality = 75
@@ -68065,8 +68065,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_6Dc1Caab : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ddostf.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ddostf.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f4587bd45e57d4106ebe502d2eaa1d97fd68613095234038d67490e74c62ba70"
 logic_hash = "v1_sha256_fd70960ed6e06f4d152bbd211fbe491dad596010da12cd53c93b577b551b8053"
 score = 75
@@ -68094,8 +68094,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_Dc47A873 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ddostf.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ddostf.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2"
 logic_hash = "v1_sha256_2f5bd9e012fd778388074cf29b56c7cd59391840f994835d087b7b661445d316"
 score = 75
@@ -68123,8 +68123,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_Cb0358A0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ddostf.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ddostf.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2"
 logic_hash = "v1_sha256_1f152b69bf0b2bfa539fdd42c432e456b9efb3766a450333a987313bb12c1826"
 score = 75
@@ -68152,8 +68152,8 @@ rule ELASTIC_Windows_Hacktool_Sharpup_E5C87C9A : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpUp.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpUp.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "45e92b991b3633b446473115f97366d9f35acd446d00cd4a05981a056660ad27"
 logic_hash = "v1_sha256_62e9aafd308aacbc7a124c707e230c5a9ffde4f6929a5feada5497e3eae7668c"
 score = 75
@@ -68187,8 +68187,8 @@ rule ELASTIC_Linux_Cryptominer_Casdet_5D0D33Be : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Casdet.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Casdet.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4b09115c876a8b610e1941c768100e03c963c76b250fdd5b12a74253ef9e5fb6"
 logic_hash = "v1_sha256_e3264f614e257d853070907866b838d1cb53c1f60f7a0123ec503f1d540a15d7"
 score = 75
@@ -68216,8 +68216,8 @@ rule ELASTIC_Windows_Hacktool_Coffloader_81Ba13B8 : FILE MEMORY
 date = "2024-04-22"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_COFFLoader.yar#L1-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_COFFLoader.yar#L1-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c2e03659eb1594dc958e01344cfa9ba126d66736b089db5e3dd1b1c3e3e7d2f7"
 logic_hash = "v1_sha256_d4f061af200a0ae9f3276fd6dfcb09ecdf662f29b7c43ea47c69a53d9fe66793"
 score = 75
@@ -68269,8 +68269,8 @@ rule ELASTIC_Windows_Trojan_Nimplant_44Ff3211 : FILE MEMORY
 date = "2023-06-23"
 modified = "2023-07-10"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Nimplant.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Nimplant.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b56e20384f98e1d2417bb7dcdbfb375987dd075911b74ea7ead082494836b8f4"
 logic_hash = "v1_sha256_ee519d8d722404ed440b385d283a41921bc34ee11f0e7273cdc074b377494c39"
 score = 75
@@ -68300,8 +68300,8 @@ rule ELASTIC_Linux_Exploit_Wuftpd_0991E62F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Wuftpd.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Wuftpd.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c0b6303300f38013840abe17abe192db6a99ace78c83bc7ef705f5c568bc98fd"
 logic_hash = "v1_sha256_71ad26a182c7f16e7e0ad7f7afe0dcf1d38fe953dc0806341d7e21ee4acea87d"
 score = 75
@@ -68329,8 +68329,8 @@ rule ELASTIC_Windows_Hacktool_Capcom_7Abae448 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Capcom.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Capcom.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "da6ca1fb539f825ca0f012ed6976baf57ef9c70143b7a1e88b4650bf7a925e24"
 logic_hash = "v1_sha256_88f25c479cc8970e05ef9d08143afbbbfa17322f34379ba571e3a09105b33ee0"
 score = 75
@@ -68359,8 +68359,8 @@ rule ELASTIC_Windows_Trojan_Latrodectus_841Ff697 : FILE MEMORY
 date = "2024-03-13"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Latrodectus.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Latrodectus.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c"
 logic_hash = "v1_sha256_aa1a4813a18b4eb4f07e805ff9c87523ad74f59c0ed538212918335eaeee29d7"
 score = 75
@@ -68395,8 +68395,8 @@ rule ELASTIC_Linux_Rootkit_Fontonlake_8Fa41F5E : FILE MEMORY
 date = "2021-10-12"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Fontonlake.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Fontonlake.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "826222d399e2fb17ae6bc6a4e1493003881b1406154c4b817f0216249d04a234"
 logic_hash = "v1_sha256_e90ace26dd74ae948d2469c6f532af5ec3070a21092f8b2c4d47c4f5b9d04c09"
 score = 75
@@ -68431,8 +68431,8 @@ rule ELASTIC_Linux_Trojan_Orbit_57C23178 : FILE MEMORY
 date = "2022-07-20"
 modified = "2022-08-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Orbit.yar#L1-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Orbit.yar#L1-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "40b5127c8cf9d6bec4dbeb61ba766a95c7b2d0cafafcb82ede5a3a679a3e3020"
 logic_hash = "v1_sha256_25b29e874ea9d400662418ddbb1c995a5a5b49f8ba6f51f59f7aa57cdda74054"
 score = 75
@@ -68481,8 +68481,8 @@ rule ELASTIC_Linux_Ransomware_Gonnacry_53C3832D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Gonnacry.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Gonnacry.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f5de75a6db591fe6bb6b656aa1dcfc8f7fe0686869c34192bfa4ec092554a4ac"
 logic_hash = "v1_sha256_2b7453c4eb71b71e6a241f728b077a2ee63d988d55a64fedf61c34222799e262"
 score = 75
@@ -68510,8 +68510,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2908_406C2Fef : FILE MEMORY CVE_2009_2908
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2009_2908.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2009_2908.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1e05a23f5b3b9cfde183aec26b723147e1816b95dc0fb7f9ac57376efcb22fcd"
 logic_hash = "v1_sha256_ae379ca7564eb97f141f6ad71ca12973bf1a38cda4bc03e3f4dca1939a9b6b38"
 score = 75
@@ -68539,8 +68539,8 @@ rule ELASTIC_Linux_Ransomware_Itssoeasy_30Bd68E0 : FILE MEMORY
 date = "2023-07-28"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_ItsSoEasy.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_ItsSoEasy.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "efb1024654e86c0c30d2ac5f97d27f5f27b4dd3f7f6ada65d58691f0d703461c"
 logic_hash = "v1_sha256_a8838af442d1106bc9a7df93d6d8335ff0275bf5928acbb605e9bad58ce6bbd4"
 score = 75
@@ -68569,8 +68569,8 @@ rule ELASTIC_Windows_Ransomware_Gandcrab_8D0Ca31D : FILE MEMORY
 date = "2024-08-27"
 modified = "2024-09-30"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_GandCrab.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_GandCrab.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "29eee4f8b088ec1cdac03a04ca834479fce9a0fdf696224c6f19d573f4e2a703"
 logic_hash = "v1_sha256_0ee46c41031a7e7fbdae0b80bd8c53bfd1a0b9d255072971e74470988e492430"
 score = 75
@@ -68600,8 +68600,8 @@ rule ELASTIC_Linux_Trojan_Masan_5369C678 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Masan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Masan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f2de9f39ca3910d5b383c245d8ca3c1bdf98e2309553599e0283062e0aeff17f"
 logic_hash = "v1_sha256_e57b105004216a6054b0561b69cce00c35255c5bd33aa8e403d0a3967cd0697e"
 score = 75
@@ -68629,8 +68629,8 @@ rule ELASTIC_Linux_Ransomware_Babuk_Bd216Cab : FILE MEMORY
 date = "2024-05-09"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Babuk.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Babuk.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d305a30017baef4f08cee38a851b57869676e45c66e64bb7cc58d40bf0142fe0"
 logic_hash = "v1_sha256_b0538be9d8deccc3f77640da28e5fd38a07557e9e5e3c09b11349d7eb50a56b5"
 score = 75
@@ -68659,8 +68659,8 @@ rule ELASTIC_Linux_Trojan_Mechbot_F2E1C5Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mechbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mechbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5f8e80e6877ff2de09a12135ee1fc17bee8eb6d811a65495bcbcddf14ecb44a3"
 logic_hash = "v1_sha256_2ba9ece1ab2360702a59a737a20b6dbd8fca276b543477f9290ab80c6f51e2f1"
 score = 75
@@ -68688,8 +68688,8 @@ rule ELASTIC_Windows_Trojan_Remcos_B296E965 : FILE MEMORY
 date = "2021-06-10"
 modified = "2021-08-23"
 reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Remcos.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Remcos.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed"
 logic_hash = "v1_sha256_069072abd1182eee50cb9937503d47845e7315d8e3cd6b63576adc8f21820c82"
 score = 75
@@ -68720,8 +68720,8 @@ rule ELASTIC_Windows_Trojan_Remcos_7591E9F1 : FILE MEMORY
 date = "2023-06-23"
 modified = "2023-07-10"
 reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Remcos.yar#L25-L49"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Remcos.yar#L25-L49"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4e6e5ecd1cf9c88d536c894d74320c77967fe08c75066098082bf237283842fa"
 logic_hash = "v1_sha256_96acf1ba7740a8d34d929ed4a4fa446c984c3a8f64a603d428e782b6997e4d20"
 score = 75
@@ -68754,8 +68754,8 @@ rule ELASTIC_Windows_Trojan_Zeus_E51C60D7 : FILE MEMORY
 date = "2021-02-07"
 modified = "2021-10-04"
 reference = "https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Zeus.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Zeus.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3"
 logic_hash = "v1_sha256_cde738f95dbad1fbad59e20528b2f577e5e3ee5fcb37c68a45d53c689d2af525"
 score = 75
@@ -68788,8 +68788,8 @@ rule ELASTIC_Windows_Hacktool_Phant0M_2D6F9B57 : FILE MEMORY
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Phant0m.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Phant0m.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "30978aadd7d7bc86e735facb5046942792ad1beab6919754e6765e0ccbcf89d6"
 logic_hash = "v1_sha256_a66f8779f77b216f7831617a34c008e4202f36e74f2866c9792cee34b804408d"
 score = 75
@@ -68822,8 +68822,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_69E20012 : FILE MEMORY
 date = "2024-05-03"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "debb5d12c1b876f47a0057aad19b897c21f17de7b02c0e42f4cce478970f0120"
 logic_hash = "v1_sha256_5d3c3e3ba7d5d0c20d2fa1a53032da9a93a6727dcd6cb3497bb7bfb8272e4f2b"
 score = 75
@@ -68856,8 +68856,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_0C629849 : FILE MEMORY
 date = "2024-05-03"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L26-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L26-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ad070542729f3c80d6a981b351095ab8ac836b89a5c788dff367760a2d8b1dbb"
 logic_hash = "v1_sha256_2bea8f569728ba81af4024bf062a06a5c91b1f057a0b62fe6d51b6fcadedf58c"
 score = 75
@@ -68889,8 +68889,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_849Cc5D5 : FILE MEMORY
 date = "2024-05-03"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L50-L71"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L50-L71"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "42d734dbd33295bd68e5a545a29303a2104a5a92e5fee31d645e2a6410cc03e9"
 logic_hash = "v1_sha256_01c708b1e000aecf473e0a1cf23f3812a337b9b21f5b81f7a5e481d06fdaeb16"
 score = 75
@@ -68921,8 +68921,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Da378432 : FILE MEMORY
 date = "2024-05-03"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L73-L93"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L73-L93"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "277499da700e0dbe27269c7cfb1fc385313c4483912a9a3f0c15adba33ecd0bf"
 logic_hash = "v1_sha256_cd9df6dff23986d61176e4d3440516b0590abdeebef0e456d1f4924724556fe9"
 score = 75
@@ -68952,8 +68952,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_B957E45D : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L95-L115"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L95-L115"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "78af84bad4934283024f4bf72dfbf9cc081d2b92a9de32cc36e1289131c783ab"
 logic_hash = "v1_sha256_27281303d007e6723308e88f335f52723b3ff0ef733d1a0712f5ba268e53a073"
 score = 75
@@ -68983,8 +68983,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_1A98F2E2 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L117-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L117-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "89be4507c9c24c4ec9a7282f197a9a6819e696d2832df81f7e544095d048fc22"
 logic_hash = "v1_sha256_23ea1c255472a67746b470e50d982bc91d22ede5e2582cf5cfaa90a1ed4e8805"
 score = 75
@@ -69014,8 +69014,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_D74153F6 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L139-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L139-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2823d27492e2e7a95b67a08cb269eb6f4175451d58b098ae429330913397d40a"
 logic_hash = "v1_sha256_c60e7e63183f5bf0354a03f8399576e494e44a30257339ebccb6c19e954d6f3a"
 score = 75
@@ -69045,8 +69045,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_F7A31E87 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L161-L182"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L161-L182"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "82b55d8c0f0175d02399aaf88ad9e92e2e37ef27d52c7f71271f3516ba884847"
 logic_hash = "v1_sha256_49583ba4f2bedb9337a8c10df4246bb76a3e60b08ba1a6b8684537fee985d911"
 score = 75
@@ -69077,8 +69077,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_B0D2D4A4 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L184-L205"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L184-L205"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a37c888875e84069763303476f0df6769df6015b33aded59fc1e23eb604f2163"
 logic_hash = "v1_sha256_bcabf74900222074ecf9051b6e0cb4ca7a240acd047a1b27137d1d198e23f161"
 score = 75
@@ -69109,8 +69109,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_5D26689F : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L207-L229"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L207-L229"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "dafefb4d79d848384442a697b1316d93fef2741fca854be744896ce1d7f82073"
 logic_hash = "v1_sha256_e7906273aa7f42920be9d06cdae89c81e0a99e532cdcd7bd714acc5f2bbb0ed5"
 score = 75
@@ -69142,8 +69142,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_1C8C98Ae : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L231-L251"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L231-L251"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1a2c40531584ed485f3ff532f4269241a76ff171956d03e4f0d3f9c950f186d4"
 logic_hash = "v1_sha256_fc32aa29f58478f0b7f4f5be61aadec65842c05b7d8ded840530503eae28b8eb"
 score = 75
@@ -69173,8 +69173,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_47F4B334 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L253-L277"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L253-L277"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c3821f63a7ec8861a6168b4bb494bf8cbac436b3abf5eaffbc6907fd68ebedb8"
 logic_hash = "v1_sha256_34c8182d3b5ecbebd122d2d58fc0502a6bbca020b528ffdcc9ee988f21512d99"
 score = 75
@@ -69208,8 +69208,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_0B014E0E : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L279-L303"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L279-L303"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a24443331508cc72b3391353f91cd009cafcc223ac5939eab12faf57447e3162"
 logic_hash = "v1_sha256_cb19a0461d5fe6066d1fed4898ea12a9818be69d870e511559b19d5c7c959819"
 score = 75
@@ -69243,8 +69243,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Ccc99Be1 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L305-L327"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L305-L327"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0e9f52d7aa6bff33bfbdba6513d402db3913d4036a5e1c1c83f4ccd5cc8107c8"
 logic_hash = "v1_sha256_96af2123251587ece32e424202ff61cfa70faf2916cacddf5fcd9d81bf483032"
 score = 75
@@ -69276,8 +69276,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Ed4B2C85 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L329-L348"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L329-L348"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0709a60149ca110f6e016a257f9ac35c6f64f50cfbd71075c4ca8bfe843c3211"
 logic_hash = "v1_sha256_79e466b2f40a6769db498cc28cb22ba72ec20f92c8450d6f1f8301d00012f967"
 score = 75
@@ -69306,8 +69306,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_2B0Ad6F0 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L350-L371"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L350-L371"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "aa2bce61511c72ac03562b5178aad57bce8b46916160689ed07693790cbfbeec"
 logic_hash = "v1_sha256_91b4547e44c40cafe09dd415f0b5dfe5980fcb10d50aeae844cf21e7608d9a9d"
 score = 75
@@ -69338,8 +69338,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Bf205D5A : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L373-L397"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L373-L397"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2162a89f70edd7a7f93f8972c6a13782fb466cdada41f255f0511730ec20d037"
 logic_hash = "v1_sha256_9f4c84fadc3d7555c80efc9c9c5dcb01d4ea65d2ff191aa63ae8316f763ded3f"
 score = 75
@@ -69373,8 +69373,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_E5B61173 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L399-L420"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L399-L420"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8032a7a320102c8e038db16d51b8615ee49f04dab1444326463f75ce0c5947a5"
 logic_hash = "v1_sha256_f60d2de0b7fac06b62616d7c7f51e9374df3895eb30a07040e742cbcb462a418"
 score = 75
@@ -69405,8 +69405,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Dd5Fd075 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Metasploit.yar#L422-L443"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Metasploit.yar#L422-L443"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b47132a92b66c32c88f39fe36d0287c6b864043273939116225235d4c5b4043a"
 logic_hash = "v1_sha256_f5101d5ddb1a84127e755677da70d9154849c546ac6ef0e7ef2639c82911eb92"
 score = 75
@@ -69437,8 +69437,8 @@ rule ELASTIC_Linux_Cryptominer_Bulz_2Aa8Fbb5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Bulz.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Bulz.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_21d8bec73476783e01d2a51a99233f186d7c72b49c9292c42e19e1aa6397d415"
 score = 75
 quality = 75
@@ -69465,8 +69465,8 @@ rule ELASTIC_Linux_Cryptominer_Bulz_0998F811 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Bulz.yar#L20-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Bulz.yar#L20-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_178f6c42582dd99cc5418388d020d4d76f2a9204297a673359fe0a300121c35b"
 score = 75
 quality = 75
@@ -69493,8 +69493,8 @@ rule ELASTIC_Windows_Trojan_Pandastealer_8B333E76 : FILE MEMORY
 date = "2021-09-02"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Pandastealer.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Pandastealer.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935"
 logic_hash = "v1_sha256_5878799338fc18bac0f946faeadd59c921dee32c9391fc12d22c72c0cd6733a8"
 score = 75
@@ -69526,8 +69526,8 @@ rule ELASTIC_Linux_Trojan_Mirai_268Aac0B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead"
 logic_hash = "v1_sha256_6eae3aba35d3379fa194b66a1b4e0d78d0d0b88386cd4ea5dfeb3c072642c7ba"
 score = 75
@@ -69555,8 +69555,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5F2Abe2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c490586fbf90d360cf3b2f9e2dc943809441df3dfd64dadad27fc9f5ee96ec74"
 logic_hash = "v1_sha256_169e7e5d1a7ea8c219464e22df9be8bc8caa2e78e1bc725674c8e0b14f6b9fc5"
 score = 75
@@ -69584,8 +69584,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1Cb033F3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L41-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L41-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_ebaf45ce58124aa91b07ebb48779e6da73baa0b80b13e663c13d8fb2bb47ad0d"
 score = 75
 quality = 75
@@ -69612,8 +69612,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fa3Ad9D0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
 logic_hash = "v1_sha256_5890c85872ea4508e673235b20b481972f613f6e5f9564c0237c458995532347"
 score = 75
@@ -69641,8 +69641,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Cb1699C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
 logic_hash = "v1_sha256_97307f583240290de2bfc663b99f8dcdedace92885bd3e0c0340709b94c0bc2a"
 score = 75
@@ -69670,8 +69670,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6F021787 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L100-L118"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L100-L118"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "88183d71359c16d91a3252085ad5a270ad3e196fe431e3019b0810ecfd85ae10"
 logic_hash = "v1_sha256_7e8062682a0babbaa3c00975807ba9fc34c465afde55e4144944e7598f0ea1fd"
 score = 75
@@ -69699,8 +69699,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1E0C5Ce0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L120-L138"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L120-L138"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d"
 logic_hash = "v1_sha256_591cc3ef6932bf990f56c932866b34778e8eccd0e343f9bd6126eb8205a12ecc"
 score = 75
@@ -69728,8 +69728,8 @@ rule ELASTIC_Linux_Trojan_Mirai_22965A6D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L140-L158"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L140-L158"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "09c821aa8977f67878f8769f717c792d69436a951bb5ac06ce5052f46da80a48"
 logic_hash = "v1_sha256_6b2a46694edf709d28267268252cfe95d88049b7dca854059cfe44479ada7423"
 score = 75
@@ -69757,8 +69757,8 @@ rule ELASTIC_Linux_Trojan_Mirai_4032Ade1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L160-L178"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L160-L178"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6150fbbefb916583a0e888dee8ed3df8ec197ba7c04f89fb24f31de50226e688"
 logic_hash = "v1_sha256_9c5e24c4efd4035408897f638d3579c3798139fd18178cee4a944b49c13e1532"
 score = 75
@@ -69786,8 +69786,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B14F4C5D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L180-L197"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L180-L197"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_1a2114a7b397c850d732940a0e154bc04fbee1fdc12d343947b343b9b27a8af1"
 score = 75
 quality = 75
@@ -69814,8 +69814,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C8385B81 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L199-L217"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L199-L217"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3d27736caccdd3199a14ce29d91b1812d1d597a4fa8472698e6df6ef716f5ce9"
 logic_hash = "v1_sha256_4ff1f0912fb92e7ac5af49e1738dac897ff1f0a118d8ff905da45b0a91b3f4a7"
 score = 75
@@ -69843,8 +69843,8 @@ rule ELASTIC_Linux_Trojan_Mirai_122Ff2E6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L219-L237"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L219-L237"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4"
 logic_hash = "v1_sha256_62884309b9095cdd6219c9ef6cd77a0f712640d8a1db4afe5b1d01f4bbe5acc2"
 score = 75
@@ -69872,8 +69872,8 @@ rule ELASTIC_Linux_Trojan_Mirai_26Cba88C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L239-L257"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L239-L257"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4b4758bff3dcaa5640e340d27abba5c2e2b02c3c4a582374e183986375e49be8"
 logic_hash = "v1_sha256_bb5a0f9e68655556ab9fccc27d11bf7828c299720bb67948455579d6a7eb2a9f"
 score = 75
@@ -69901,8 +69901,8 @@ rule ELASTIC_Linux_Trojan_Mirai_93Fc3657 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L259-L277"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L259-L277"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
 logic_hash = "v1_sha256_0b5278feddd00b0b24ca735bf7cd1440379c6ce5aca6d2a6f38c9fdcedcb3c0d"
 score = 75
@@ -69930,8 +69930,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7C88Acbc : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L279-L296"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L279-L296"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_76373f8e09b7467ac5d36e8baad3025a57568e891434297e53f2629a72cf8929"
 score = 75
 quality = 75
@@ -69958,8 +69958,8 @@ rule ELASTIC_Linux_Trojan_Mirai_804F8E7C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L298-L316"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L298-L316"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
 logic_hash = "v1_sha256_711d74406d9b0d658b3b29f647bd659699ac0af9cd482403122124ec6054f1ec"
 score = 75
@@ -69987,8 +69987,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A2D2E15A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L318-L336"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L318-L336"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "567c3ce9bbbda760be81c286bfb2252418f551a64ba1189f6c0ec8ec059cee49"
 logic_hash = "v1_sha256_c76fe953c4a70110346a020f2b27c7e79f4ad8a24fd92ac26e5ddd1fed068f65"
 score = 75
@@ -70016,8 +70016,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5946F41B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L338-L356"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L338-L356"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f0b6bf8a683f8692973ea8291129c9764269a6739650ec3f9ee50d222df0a38a"
 logic_hash = "v1_sha256_43691675db419426413ccc24aa9dfe94456fa1007630652b08a625eafd1f17b8"
 score = 75
@@ -70045,8 +70045,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Da4Aa3B3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L358-L376"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L358-L376"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "dbc246032d432318f23a4c1e5b6fcd787df29da3bf418613f588f758dcd80617"
 logic_hash = "v1_sha256_84ddc505d2e2be955b88a0fe3b78d435f73c0a315b513e105933e84be78ba2ad"
 score = 75
@@ -70074,8 +70074,8 @@ rule ELASTIC_Linux_Trojan_Mirai_70Ef58F1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L378-L396"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L378-L396"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
 logic_hash = "v1_sha256_3ad201d643e8f93a6f9075c03a76020d78186702a19bf9174b08688a2e94ef5c"
 score = 75
@@ -70103,8 +70103,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ea584243 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L398-L416"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L398-L416"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f363d9bd2132d969cd41e79f29c53ef403da64ca8afc4643084cc50076ddfb47"
 logic_hash = "v1_sha256_34c6f800c849c295797cdd971fb4f3d16d680530f9a98c291388345569708208"
 score = 75
@@ -70132,8 +70132,8 @@ rule ELASTIC_Linux_Trojan_Mirai_564B8Eda : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L418-L436"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L418-L436"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee"
 logic_hash = "v1_sha256_4bf11492f480911629623250146554f2456f3a527f5f80402ef74b22c1460462"
 score = 75
@@ -70161,8 +70161,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7E9F85Fb : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L438-L456"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L438-L456"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4333e80fd311b28c948bab7fb3f5efb40adda766f1ea4bed96a8db5fe0d80ea1"
 logic_hash = "v1_sha256_f4ce912e190bc5dcb56541f54ba8e47b6103c482bdc7e83b44693d2c066c0170"
 score = 75
@@ -70190,8 +70190,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3A85A418 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L458-L476"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L458-L476"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "86a43b39b157f47ab12e9dc1013b4eec0e1792092d4cef2772a21a9bf4fc518a"
 logic_hash = "v1_sha256_bd7fe497fb2557c9e9c26ec90e783f03cbbc9bdaa8d20b364ce65edf6c1e5fa3"
 score = 75
@@ -70219,8 +70219,8 @@ rule ELASTIC_Linux_Trojan_Mirai_24C5B7D6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L478-L496"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L478-L496"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "7c2f8ba2d6f1e67d1b4a3a737a449429c322d945d49dafb9e8c66608ab2154c4"
 logic_hash = "v1_sha256_f790f6b8fcf932773054525ed74a3f15998d91a2626ae9c56486de8dabc2035c"
 score = 75
@@ -70248,8 +70248,8 @@ rule ELASTIC_Linux_Trojan_Mirai_99D78950 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L498-L516"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L498-L516"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
 logic_hash = "v1_sha256_bfd628a9973f85ed0a8be2723c7ff4bd028af00ea98c9cbcde9df6aabcf394b2"
 score = 75
@@ -70277,8 +70277,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3Fe3C668 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L518-L535"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L518-L535"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_e75b2dca7de7d9f31a0ae5940dc45d0e6d0f1ca110b5458fc99912400da97bde"
 score = 75
 quality = 75
@@ -70305,8 +70305,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Eedfbfc6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L537-L555"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L537-L555"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b7342f7437a3a16805a7a8d4a667e0e018584f9a99591413650e05d21d3e6da6"
 logic_hash = "v1_sha256_949b32db1a00570fc84fbbe510f57f6e898d089efd3fedbd7719f8059021b6bc"
 score = 75
@@ -70334,8 +70334,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6D96Ae91 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L557-L575"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L557-L575"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e3a1d92df6fb566e09c389cfb085126d2ea0f51a776ec099afb8913ef5e96f9b"
 logic_hash = "v1_sha256_43b0ac7090620eb6c892f1105778c395bf18f5ac309ce1b2d9015b5abccbfc2a"
 score = 75
@@ -70363,8 +70363,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D8779A57 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L577-L595"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L577-L595"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c490586fbf90d360cf3b2f9e2dc943809441df3dfd64dadad27fc9f5ee96ec74"
 logic_hash = "v1_sha256_2154786bbb6dbcc280aaa9e2b75106b585d04c7c85f6162f441c81dc54663cb3"
 score = 75
@@ -70392,8 +70392,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3E72E107 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L597-L615"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L597-L615"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "57d04035b68950246dd152054e949008dafb810f3705710d09911876cd44aec7"
 logic_hash = "v1_sha256_ba0ba56ded8977502ad9f8a1ceebd30efbff964d576bbfeedff5761f0538d8f0"
 score = 75
@@ -70421,8 +70421,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5C62E6B2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L617-L635"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L617-L635"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9"
 logic_hash = "v1_sha256_6505c4272f0f7c8c5f2d3f7cefdc3947c4015b0dfd94efde4357a506af93a99d"
 score = 75
@@ -70450,8 +70450,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C5430Ff9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L637-L655"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L637-L655"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5676773882a84d0efc220dd7595c4594bc824cbe3eeddfadc00ac3c8e899aa77"
 logic_hash = "v1_sha256_8c385980560cd4b24e703744b57a9d5ea1bca8fbeea066e98dd4b40009e56104"
 score = 75
@@ -70479,8 +70479,8 @@ rule ELASTIC_Linux_Trojan_Mirai_402Adc45 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L657-L675"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L657-L675"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1ae0cd7e5bac967e31771873b4b41a1887abddfcdfcc76fa9149bb2054b03ca4"
 logic_hash = "v1_sha256_dab879d57507d5e119ddf4ce6ed33570c74f185a2260e97a7ec1d6c844943e5d"
 score = 75
@@ -70508,8 +70508,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A39Dfaa7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L677-L694"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L677-L694"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_98fde36fc412b6aa50c80c12118975a6bf754a9fba94f1cc3cdeed22565d6b0d"
 score = 75
 quality = 75
@@ -70536,8 +70536,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E3E6D768 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L696-L714"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L696-L714"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b505cb26d3ead5a0ef82d2c87a9b352cc0268ef0571f5e28defca7131065545e"
 logic_hash = "v1_sha256_b848c7200f405d77553d661a6c49fb958df225875957ead35b35091995f307d1"
 score = 75
@@ -70565,8 +70565,8 @@ rule ELASTIC_Linux_Trojan_Mirai_520Deeb8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L716-L733"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L716-L733"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_671c17835f30cce1e5d68dbf3a73d340069b1b55a2ac42fc132c008cb2da622e"
 score = 75
 quality = 75
@@ -70593,8 +70593,8 @@ rule ELASTIC_Linux_Trojan_Mirai_77137320 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L735-L753"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L735-L753"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9"
 logic_hash = "v1_sha256_ee48e0478845a61dbbdb5cc3ee5194eb272fcf6dcf139381f068c9af1557d0d4"
 score = 75
@@ -70622,8 +70622,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A6A81F9C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L755-L772"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L755-L772"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_0d31cc1f4a673c13e6c81c492acbe16e1e0dfb0b15913fb276ea4abff18b32af"
 score = 75
 quality = 75
@@ -70650,8 +70650,8 @@ rule ELASTIC_Linux_Trojan_Mirai_485C4B13 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L774-L792"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L774-L792"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead"
 logic_hash = "v1_sha256_9625e4190559cc77f41ebef24f9bfa5e3d2e2259c12b301148c614b0f98b5835"
 score = 75
@@ -70679,8 +70679,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7146E518 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L794-L811"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L794-L811"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_374602254be1f5c1dbb00ad25d870722e03d674033dfcf953a2895e1f50c637d"
 score = 75
 quality = 75
@@ -70707,8 +70707,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6A77Af0F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L813-L830"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L813-L830"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_7d7623dfc1e16c7c02294607ddf46edd12cdc7d39a2b920d8711dc47c383731b"
 score = 75
 quality = 75
@@ -70735,8 +70735,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5F7B67B8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L832-L849"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L832-L849"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_b2aedc0361c1093d7a996f26d907da3e4654c32a6dbcdbab441c19d4207f2e2a"
 score = 75
 quality = 75
@@ -70763,8 +70763,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A3Cedc45 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L851-L869"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L851-L869"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1ae0cd7e5bac967e31771873b4b41a1887abddfcdfcc76fa9149bb2054b03ca4"
 logic_hash = "v1_sha256_9233e6faa43d8ea43ff3c71ecb5248d5d311b2a593825c299cac4466278cd020"
 score = 75
@@ -70792,8 +70792,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7D05725E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L871-L889"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L871-L889"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
 logic_hash = "v1_sha256_ac2d0b81325ce7984bc09f93e61b42c8e312a31c75f09d37313d70cd40d3cf8b"
 score = 75
@@ -70821,8 +70821,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fa48B592 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L891-L909"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L891-L909"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee"
 logic_hash = "v1_sha256_5648bcc96b1fdd1529b4b8765b1738594d0d61f7880b763e803cd89bd117e96b"
 score = 75
@@ -70850,8 +70850,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B9A9D04B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L911-L928"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L911-L928"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_61575576be4c1991bc381965a40e5d9d751bba2680a42907b0148651716419fc"
 score = 75
 quality = 75
@@ -70878,8 +70878,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D2205527 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L930-L948"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L930-L948"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e4f584d1f75f0d7c98b325adc55025304d55907e8eb77b328c007600180d6f06"
 logic_hash = "v1_sha256_172ba256873cce61047a5198733cacaff4ef343c9cbd76f2fbbf0e1ed8003236"
 score = 75
@@ -70907,8 +70907,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ab073861 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L950-L968"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L950-L968"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "175444a9c9ca78565de4b2eabe341f51b55e59dec00090574ee0f1875422cbac"
 logic_hash = "v1_sha256_251b92c4fec9d113025c6869c279247a3dd16ee094c8861fe43a33f87132bf75"
 score = 75
@@ -70936,8 +70936,8 @@ rule ELASTIC_Linux_Trojan_Mirai_637F2C04 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L970-L987"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L970-L987"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_cff4aa6c613ccc64f64441f7e40f79d3a22b5c12856c32814545bd41d5f112bd"
 score = 75
 quality = 75
@@ -70964,8 +70964,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Aa39Fb02 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L989-L1006"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L989-L1006"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_ffa95d92a2b619008bd5918cd34a17cd034b2830dc09d495db4b0c397b1cb53a"
 score = 75
 quality = 75
@@ -70992,8 +70992,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Bce98A2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1008-L1026"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1008-L1026"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80"
 logic_hash = "v1_sha256_04d10ef03c178fb101d3c6b6d3b36f0aa04149b9b35a33c3d10d17af1fc07625"
 score = 75
@@ -71021,8 +71021,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3A56423B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1028-L1045"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1028-L1045"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_0c2765a5c1b331eb9ff5e542bc72eff7be3506e6caef94128413d500086715c6"
 score = 75
 quality = 75
@@ -71049,8 +71049,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D18B3463 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1047-L1065"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1047-L1065"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "cd86534d709877ec737ceb016b2a5889d2e3562ffa45a278bc615838c2e9ebc3"
 logic_hash = "v1_sha256_f906c6f9baae6d6fa3f42e84607549bae44ed9ca847fd916d04f2671eef1caa1"
 score = 75
@@ -71078,8 +71078,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fe721Dc5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1067-L1084"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1067-L1084"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_e9312eefb5f14a27d96e973139e45098c2f62a24d5254ca24dea64b9888a4448"
 score = 75
 quality = 75
@@ -71106,8 +71106,8 @@ rule ELASTIC_Linux_Trojan_Mirai_575F5Bc8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1086-L1103"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1086-L1103"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_dec143d096f5774f297ce90ef664ae50c40ae4f87843bbb34e496565c0faf3b2"
 score = 75
 quality = 75
@@ -71134,8 +71134,8 @@ rule ELASTIC_Linux_Trojan_Mirai_449937Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1105-L1123"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1105-L1123"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6f27766534445cffb097c7c52db1fca53b2210c1b10b75594f77c34dc8b994fe"
 logic_hash = "v1_sha256_d459e46893115dbdef46bcaceb6a66255ef3a389f1bf7173b0e0bd0d8ce024fb"
 score = 75
@@ -71163,8 +71163,8 @@ rule ELASTIC_Linux_Trojan_Mirai_2E3F67A9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1125-L1143"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1125-L1143"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
 logic_hash = "v1_sha256_8c83c5d32c58041444f33264f692a7580c76324d2cbad736fdd737bdfcd63595"
 score = 75
@@ -71192,8 +71192,8 @@ rule ELASTIC_Linux_Trojan_Mirai_01E4A728 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1145-L1162"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1145-L1162"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_753936b97a36c774975a1d0988f6f908d4b5e5906498aa34c606d4cd971f1ba5"
 score = 75
 quality = 75
@@ -71220,8 +71220,8 @@ rule ELASTIC_Linux_Trojan_Mirai_64D5Cde2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1164-L1182"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1164-L1182"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "caf2a8c199156db2f39dbb0a303db56040f615c4410e074ef56be2662752ca9d"
 logic_hash = "v1_sha256_08f3635e5517185cae936b39f503bbeba5aed2e36abdd805170a259bc5e3644f"
 score = 75
@@ -71249,8 +71249,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0D73971C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1184-L1202"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1184-L1202"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead"
 logic_hash = "v1_sha256_56f3bac05fce0a0458e5b80197335e7bef6dcd50b9feb6f1008b8679f29cf37a"
 score = 75
@@ -71278,8 +71278,8 @@ rule ELASTIC_Linux_Trojan_Mirai_82C361D4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1204-L1222"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1204-L1222"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f8dbcf0fc52f0c717c8680cb5171a8c6c395f14fd40a2af75efc9ba5684a5b49"
 logic_hash = "v1_sha256_766a964d7d35525fbc88adcf86fb69d11f9c63c0d28ceefb3ae79797a7161193"
 score = 75
@@ -71307,8 +71307,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ec591E81 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1224-L1242"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1224-L1242"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "7d45a4a128c25f317020b5d042ab893e9875b6ff0ef17482b984f5b3fe87e451"
 logic_hash = "v1_sha256_f2a147fe7f98d2b3141a1fda118ee803c81d9bc6f498bfaf3557665397eb44da"
 score = 75
@@ -71336,8 +71336,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Eba3F5A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1244-L1262"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1244-L1262"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2e4f89c76dfefd4b2bfd1cf0467ac0324026355723950d12d7ed51195fd998cf"
 logic_hash = "v1_sha256_bcb2f1e1659102f39977fac43b119c58d6c72f828c3065e2318f671146e911da"
 score = 75
@@ -71365,8 +71365,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E43A8744 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1264-L1282"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1264-L1282"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f363d9bd2132d969cd41e79f29c53ef403da64ca8afc4643084cc50076ddfb47"
 logic_hash = "v1_sha256_17c52d2b720fa2e98c3e9bb077525a695a6e547a66e8c44fcc1e26e48df81adf"
 score = 75
@@ -71394,8 +71394,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6E8E9257 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1284-L1301"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1284-L1301"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_67973257e578783838f18dc8ae994f221ad1c1b3f4a04a2b6b523da5ebd8c95b"
 score = 75
 quality = 75
@@ -71422,8 +71422,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ac253E4F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1303-L1321"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1303-L1321"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9"
 logic_hash = "v1_sha256_1ab463fce01148c2cc95659fdf8b05e597d9b4eeabe81a9cdfa1da3632d72291"
 score = 75
@@ -71451,8 +71451,8 @@ rule ELASTIC_Linux_Trojan_Mirai_994535C4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1323-L1341"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1323-L1341"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "376a2771a2a973628e22379b3dbb9a8015c828505bbe18a0c027b5d513c9e90d"
 logic_hash = "v1_sha256_c83c8c9cdfea1bf322115e5b23d751b226a5dbf42fc41faac172d36192ccf31f"
 score = 75
@@ -71480,8 +71480,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A68E498C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1343-L1361"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1343-L1361"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
 logic_hash = "v1_sha256_e4552813dc92b397c5ba78f32ee6507520f337b55779a3fc705de7e961f8eb8f"
 score = 75
@@ -71509,8 +71509,8 @@ rule ELASTIC_Linux_Trojan_Mirai_88De437F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1363-L1381"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1363-L1381"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
 logic_hash = "v1_sha256_233dbf3d13c35f4c9c7078d67ea60086355c801ce6515f9d3c518e95afd39d85"
 score = 75
@@ -71538,8 +71538,8 @@ rule ELASTIC_Linux_Trojan_Mirai_95E0056C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1383-L1401"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1383-L1401"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380"
 logic_hash = "v1_sha256_9e34891d28034d1f4fc3da5cb99df8fc74f0b876903088f5eab5fe36e0e0e603"
 score = 75
@@ -71567,8 +71567,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B548632D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1403-L1421"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1403-L1421"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "639d9d6da22e84fb6b6fc676a1c4cfd74a8ed546ce8661500ab2ef971242df07"
 logic_hash = "v1_sha256_bfb46457f8b79548726e3988d649f94e04f26f9e546aae70ece94defae6bab8a"
 score = 75
@@ -71596,8 +71596,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E0Cf29E2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1423-L1440"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1423-L1440"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_693e27da8cbab32954cc2c9ba648151ad9fc21fe53251628145d7b436ec5e976"
 score = 75
 quality = 75
@@ -71624,8 +71624,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1754B331 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1442-L1460"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1442-L1460"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0d89fc59d0de2584af0e4614a1561d1d343faa766edfef27d1ea96790ac7014b"
 logic_hash = "v1_sha256_fde04b0e31a00326f9d011198995999ff9b15628f5ff4139ec7dec19ac0c59c9"
 score = 75
@@ -71653,8 +71653,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3278F1B8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1462-L1480"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1462-L1480"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
 logic_hash = "v1_sha256_4d709e8e2062099ac06b241408e52bcb86bbf8163faaffbcff68a05f864e1b3f"
 score = 75
@@ -71682,8 +71682,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ab804Bb7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1482-L1500"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1482-L1500"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8f0cc764729498b4cb9c5446f1a84cde54e828e913dc78faf537004a7df21b20"
 logic_hash = "v1_sha256_cef2ffafe152332502fb0d72d014c81b90dc9ad4f4491f1b2f2f9c1f73cc7958"
 score = 75
@@ -71711,8 +71711,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Dca3B9B4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1502-L1520"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1502-L1520"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a839437deba6d30e7a22104561e38f60776729199a96a71da3a88a7c7990246a"
 logic_hash = "v1_sha256_f85dfc1c00706d7ac11ef35c41c471383ef8b019a5c2566b27072a5ef5ad5c93"
 score = 75
@@ -71740,8 +71740,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ae9D0Fa6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1522-L1539"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1522-L1539"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_8da5b14b95d96de5ced8bcab98e23973e449c1b5ca101f39a2114bb8e74fd9a5"
 score = 75
 quality = 75
@@ -71768,8 +71768,8 @@ rule ELASTIC_Linux_Trojan_Mirai_612B407C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1541-L1559"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1541-L1559"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "7833bc89778461a9f46cc47a78c67dda48b498ee40b09a80a21e67cb70c6add1"
 logic_hash = "v1_sha256_6514725a32f7c28be7de5ff6fe1363df7c50e2cd6c8c79824ec4cbeadda2ca31"
 score = 75
@@ -71797,8 +71797,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5Da717F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1561-L1579"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1561-L1579"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1f6bcdfc7d1c56228897cd7548266bb0b9a41b913be354036816643ac21b6f66"
 logic_hash = "v1_sha256_034dae5bea7536e8c8aa22b8b891b9c991b94f04be12c9fe6d78ddf07a2365d9"
 score = 75
@@ -71826,8 +71826,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D33095D4 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1581-L1599"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1581-L1599"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "72326a3a9160e9481dd6fc87159f7ebf8a358f52bf0c17fbc3df80217d032635"
 logic_hash = "v1_sha256_b7feaec65d72907d08c98b09fb4ac494ceee7d7bd51c09063363c617e3f057a4"
 score = 75
@@ -71855,8 +71855,8 @@ rule ELASTIC_Linux_Trojan_Mirai_4E2246Fb : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1601-L1619"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1601-L1619"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1f6bcdfc7d1c56228897cd7548266bb0b9a41b913be354036816643ac21b6f66"
 logic_hash = "v1_sha256_6d2e1300286751a5e1ae683e9aab2f59bfbb20d1cc18dcce89c06ecadf25a3e6"
 score = 75
@@ -71884,8 +71884,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5981806 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1621-L1639"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1621-L1639"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "784f2005853b5375efaf3995208e4611b81b8c52f67b6dc139fd9fec7b49d9dc"
 logic_hash = "v1_sha256_e625323543aa5c8374a179dfa51c3f5be1446459c45fa7c7a27ae383cf0f551b"
 score = 75
@@ -71913,8 +71913,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C6055Dc9 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1641-L1659"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1641-L1659"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c1718d7fdeef886caa33951e75cbd9139467fa1724605fdf76c8cdb1ec20e024"
 logic_hash = "v1_sha256_4d9d7c44f0d3ae60275720ae5faf3c25c368aa6e7d9ab5ed706a30f9a7ffd3b8"
 score = 75
@@ -71942,8 +71942,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3B9675Fd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1661-L1679"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1661-L1679"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4ec4bc88156bd51451fdaf0550c21c799c6adacbfc654c8ec634ebca3383bd66"
 logic_hash = "v1_sha256_61ff7cb8d664291de5cf0c82b80cf0f4001c41d3f02b7f4762f67eb8128df15d"
 score = 75
@@ -71971,8 +71971,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1C0D246D : FILE MEMORY
 date = "2021-04-13"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1681-L1700"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1681-L1700"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "211cfe9d158c8a6840a53f2d1db2bf94ae689946fffb791eed3acceef7f0e3dd"
 logic_hash = "v1_sha256_7a101e6d2265e09eb6c8d0f1a2fe54c9aa353dfd8bd156926937f4aec86c3ef1"
 score = 75
@@ -72001,8 +72001,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ad337D2F : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "012b717909a8b251ec1e0c284b3c795865a32a1f4b79706d2254a4eb289c30a7"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1702-L1720"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1702-L1720"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_dba630c1deb00b0dbd9f895a9b93393bc634150c8f32527b02d8dd71dc806e7d"
 score = 75
 quality = 75
@@ -72029,8 +72029,8 @@ rule ELASTIC_Linux_Trojan_Mirai_88A1B067 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "1a62db02343edda916cbbf463d8e07ec2ad4509fd0f15a5f6946d0ec6c332dd9"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1722-L1740"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1722-L1740"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_0755f1f974734ccd4ecc444217bf52ed306d1dc32c05841ba9ca6d259e1a147e"
 score = 75
 quality = 75
@@ -72057,8 +72057,8 @@ rule ELASTIC_Linux_Trojan_Mirai_76Bbc4Ca : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "1a9ff86a66d417678c387102932a71fd879972173901c04f3462de0e519c3b51"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1742-L1760"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1742-L1760"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_855b7938b92b5645fcefd2ec1e2ccb71269654816f362282ccbf9aef1c01c8a0"
 score = 75
 quality = 75
@@ -72085,8 +72085,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Bfc17Bd : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1762-L1780"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1762-L1780"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1cdd94f2a1cb2b93134646c171d947e325a498f7a13db021e88c05a4cbb68903"
 logic_hash = "v1_sha256_ef83bc9ae3c881d09b691db42a1712b500a5bb8df34060a6786cfdc6caaf5530"
 score = 75
@@ -72114,8 +72114,8 @@ rule ELASTIC_Linux_Trojan_Mirai_389Ee3E9 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1782-L1800"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1782-L1800"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f"
 logic_hash = "v1_sha256_fedeae98d468a11c3eaa561b9d5433ec206bdd4caed5aed7926434730f7f866b"
 score = 75
@@ -72143,8 +72143,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Cc93863B : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1802-L1820" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1802-L1820" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f" logic_hash = "v1_sha256_881998dee010270d7cefae5b59a888e541d4a2b93e3e52ae0abe0df41371c50d" score = 75 @@ -72172,8 +72172,8 @@ rule ELASTIC_Linux_Trojan_Mirai_8Aa7B5D3 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1822-L1840" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1822-L1840" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f" logic_hash = "v1_sha256_3c99b7b126184b75802c7198c81f4783af776920edc6e964dbe726d28d88f64d" score = 75 
@@ -72201,8 +72201,8 @@ rule ELASTIC_Linux_Trojan_Mirai_76908C99 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1842-L1860" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1842-L1860" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "533a90959bfb337fd7532fb844501fd568f5f4a49998d5d479daf5dfbd01abb2" logic_hash = "v1_sha256_bd8254e888b1ea93ca9aad92ea2c8ece1f2d03ae2949ca4c3743b6e339ee21e0" score = 75 @@ -72230,8 +72230,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1538Ce1A : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1862-L1880" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1862-L1880" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662" logic_hash = "v1_sha256_cf2dd11da520640c6a64e05c4679072a714d8cf93d5f5aa3a1eca8eb3e9c8b3b" score = 75 
@@ -72259,8 +72259,8 @@ rule ELASTIC_Linux_Trojan_Mirai_07B1F4F6 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1882-L1900" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1882-L1900" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662" logic_hash = "v1_sha256_4af1a20e29e0c9b62e1530031e49a3d7b37d4e9a547d89a270a2e59e0c7852cc" score = 75 @@ -72288,8 +72288,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Feaa98Ff : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1902-L1920" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1902-L1920" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662" logic_hash = "v1_sha256_06be9d8bcfcb7e6b600103cf29fa8a94a457ff56e8c7018336c270978a57ccbf" score = 75 
@@ -72317,8 +72317,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3Acd6Ed4 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1922-L1940" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1922-L1940" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2644447de8befa1b4fe39b2117d49754718a2f230d6d5f977166386aa88e7b84" logic_hash = "v1_sha256_ab284d41af8e1920fa54ac8bfab84bac493adf816aebce60490ab22c0e502201" score = 75 @@ -72346,8 +72346,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Eb940856 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mirai.yar#L1942-L1960" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mirai.yar#L1942-L1960" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fbf814c04234fc95b6a288b62fb9513d6bbad2e601b96db14bb65ab153e65fef" logic_hash = "v1_sha256_d7bb2373a35ea97a11513e80e9a561f53a8f0b9345f392e8e7f042d4cb2d7d20" score = 75 
@@ -72375,8 +72375,8 @@ rule ELASTIC_Macos_Trojan_Electrorat_B4Dbfd1D : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Electrorat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Electrorat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b1028b38fcce0d54f2013c89a9c0605ccb316c36c27faf3a35adf435837025a4" logic_hash = "v1_sha256_a36143a8c93cb187dba0a88a15550219c19f1483502f782dfefc1e53829cfbf1" score = 75 @@ -72407,8 +72407,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_99487621 : FILE MEMORY date = "2023-03-29" modified = "2023-03-30" reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SuddenIcon.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SuddenIcon.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973" logic_hash = "v1_sha256_9a441c47e8b95d8aaec6f495d6ddfec2ed6b0762637ea48e64c9ea01b0945019" score = 75 
@@ -72442,8 +72442,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_8B07C275 : FILE MEMORY date = "2023-03-29" modified = "2023-03-30" reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SuddenIcon.yar#L28-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SuddenIcon.yar#L28-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973" logic_hash = "v1_sha256_64e8bd8929c9fb8cae16f772e3266b02b4ddec770ff8d5379a93a483eb8ff660" score = 75 @@ -72472,8 +72472,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_Ac021Ae0 : FILE MEMORY date = "2023-03-30" modified = "2023-03-30" reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SuddenIcon.yar#L50-L76" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SuddenIcon.yar#L50-L76" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_033eabdd8ce8ecc4e1a657161c1f298c7dfe536ee2dbf9375cfda894638a7bee" score = 75 quality = 75 
@@ -72508,8 +72508,8 @@ rule ELASTIC_Windows_Vulndriver_Llaccess_C57534E8 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_LLAccess.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_LLAccess.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b" logic_hash = "v1_sha256_8bf629fd2ce0b1f15c7aacd573659b649dcf968556232683b29d68b27d12e577" score = 75 @@ -72539,8 +72539,8 @@ rule ELASTIC_Windows_Shellcode_Generic_8C487E57 : FILE MEMORY date = "2022-05-23" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Shellcode_Generic.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Shellcode_Generic.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_a86ea8e15248e83ce7322c10e308a5a24096b1d7c67f5673687563dec8229dfe" score = 75 quality = 75 
@@ -72567,8 +72567,8 @@ rule ELASTIC_Windows_Shellcode_Generic_F27D7Beb : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Shellcode_Generic.yar#L20-L37" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Shellcode_Generic.yar#L20-L37" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_8530a74a002d0286711cd86545aff0bf853de6b6684473b6211d678797c3639f" score = 75 quality = 75 @@ -72595,8 +72595,8 @@ rule ELASTIC_Windows_Shellcode_Generic_29Dcbf7A : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Shellcode_Generic.yar#L39-L56" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Shellcode_Generic.yar#L39-L56" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_c2a81cc27e696a2e488df7d2f96784bbaed83df5783efab312fc5ccbfd524b43" score = 75 quality = 75 
@@ -72623,8 +72623,8 @@ rule ELASTIC_Windows_Hacktool_Cpulocker_73B41444 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_CpuLocker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_CpuLocker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dbfc90fa2c5dc57899cc75ccb9dc7b102cb4556509cdfecde75b36f602d7da66" logic_hash = "v1_sha256_8fb33744326781c51bb6bd18d0574602256b813b62ec8344d5338e6442bb2de0" score = 75 @@ -72652,8 +72652,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_8Bd3002C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ngioweb.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ngioweb.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2" logic_hash = "v1_sha256_578fd1c3e6091df9550b3c2caf999d7a0432f037b0cc4b15642531e7fdffd7b7" score = 75 
@@ -72681,8 +72681,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_A592A280 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ngioweb.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ngioweb.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2" logic_hash = "v1_sha256_b16cf5b527782680cc1da6f61dd537596792fed615993b19965ef2dbde701e64" score = 75 @@ -72710,8 +72710,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_D57Aa841 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ngioweb.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ngioweb.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "555d60bd863caff231700c5f606d0034d5aa8362862d1fd0c816615d59f582f7" logic_hash = "v1_sha256_b0db72ad81d27f5b2ac2d2bb903ff10849c304d40619fd95a39e7d48c64c45ba" score = 75 
@@ -72739,8 +72739,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_B97E0253 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ngioweb.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ngioweb.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2" logic_hash = "v1_sha256_dc11d50166a4d1b400c0df81295054192d42822dd3e065e374a92a31727d4dbd" score = 75 @@ -72768,8 +72768,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_66C465A0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ngioweb.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ngioweb.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7454ee074812d7fa49044de8190e17b5034b3f08625f547d1b04aae4054fd81a" logic_hash = "v1_sha256_71f224e3ee1ff29787258a61f29a37a9ddc51e9cb5df0693ea52fd4b6f0b5ad8" score = 75 
@@ -72797,8 +72797,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_D8573802 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ngioweb.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ngioweb.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7454ee074812d7fa49044de8190e17b5034b3f08625f547d1b04aae4054fd81a" logic_hash = "v1_sha256_b51ab7a7c26e889a4e8efc2b9883f709c17d82032b0c28ab3e30229d6f296367" score = 75 @@ -72826,8 +72826,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_7926Bc8E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ngioweb.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ngioweb.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "555d60bd863caff231700c5f606d0034d5aa8362862d1fd0c816615d59f582f7" logic_hash = "v1_sha256_ac42dd714696825d64402861e96122cce7cd09ae8d9c43a19dd9cf95d7b09610" score = 75 
@@ -72855,8 +72855,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_E2377400 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ngioweb.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ngioweb.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b88daf00a0e890b6750e691856b0fe7428d90d417d9503f62a917053e340228b" logic_hash = "v1_sha256_71276698d1bdb9bc494fe6f1aa9755940583331836abc490e0b5ac3454d35de6" score = 75 @@ -72884,8 +72884,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_994F1E97 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ngioweb.yar#L161-L178" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ngioweb.yar#L161-L178" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_2384e787877b622445d7d14053a8340d2e97d3ab103a3fabfa08a40068726ad0" score = 75 quality = 75 
@@ -72912,8 +72912,8 @@ rule ELASTIC_Windows_Hacktool_Sharpshares_88Cdcd52 : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpShares.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpShares.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bbdd3620a67aedec4b9a68b2c9cc880b6631215e129816aea19902a6f4bc6f41" logic_hash = "v1_sha256_85c59b939da6158f931e779c2884cea77b80fab54ee5e157d86afa19f0253db3" score = 75 @@ -72952,8 +72952,8 @@ rule ELASTIC_Windows_Trojan_Mylobot_A895174A : FILE MEMORY date = "2024-05-15" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_MyloBot.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_MyloBot.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "33831d9ad64d0f52f507f08ef81607aafa6ced58a189969af6cf57c659c982d2" logic_hash = "v1_sha256_16f2d8eeb6c85944030a33bd250e4e8b98985a6c877a0ec3ad5a6037e7c00159" score = 75 
@@ -72987,8 +72987,8 @@ rule ELASTIC_Windows_Vulndriver_Msio_Aa20A3C6 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_MsIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_MsIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6" logic_hash = "v1_sha256_3b383934dc91536f69e2c6cb2cf2054c5f8a08766ecf1d1804c57f3a2c39c1c2" score = 75 @@ -73016,8 +73016,8 @@ rule ELASTIC_Windows_Vulndriver_Msio_Ce0Bda23 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_MsIo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_MsIo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89" logic_hash = "v1_sha256_f7fbe0255a006cce42aff61b294512c11e1cceaf11d5c1b6f75b96fb3b155895" score = 75 
@@ -73045,8 +73045,8 @@ rule ELASTIC_Linux_Virus_Gmon_E544D891 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Virus_Gmon.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Virus_Gmon.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d0fe377664aa0bc0d1fd3a307650f211dd3ef2e2f04597abee465e836e6a6f32" logic_hash = "v1_sha256_6dcfd51aaa79d7bac0100d9c891aa4275b8e1f7614cda46a5da4c738d376c729" score = 75 @@ -73074,8 +73074,8 @@ rule ELASTIC_Linux_Virus_Gmon_192Bd9B3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Virus_Gmon.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Virus_Gmon.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d0fe377664aa0bc0d1fd3a307650f211dd3ef2e2f04597abee465e836e6a6f32" logic_hash = "v1_sha256_3df275349d14a845c73087375f96e0c9a069ff685beb89249590ef9448e50373" score = 75 
@@ -73103,8 +73103,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_57C0C6D7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrig.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrig.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "100dc1ede4c0832a729d77725784d9deb358b3a768dfaf7ff9e96535f5b5a361" logic_hash = "v1_sha256_d3a272d488cebe4f774c994001a14d825372a27f16267bc0339b7e3b22ada8db" score = 75 @@ -73132,8 +73132,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_7E42Bf80 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrig.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrig.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "551b6e6617fa3f438ec1b3bd558b3cbc981141904cab261c0ac082a697e5b07d" logic_hash = "v1_sha256_ad8c8f0081d07f7e2a5400de6af2c6b311f77ff336d7576f7fb0bfe2593a9062" score = 75 
@@ -73161,8 +73161,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_271121Fb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrig.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrig.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "19aeafb63430b5ac98e93dfd6469c20b9c1145e6b5b86202553bd7bd9e118842" logic_hash = "v1_sha256_f43b1527ad4bbd07023126def89c1af47698cc832f71f4a1381ed0d621d79ed5" score = 75 @@ -73190,8 +73190,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_E7E64Fb7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrig.yar#L61-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrig.yar#L61-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_e325ac02c51526c5a36bdd6c2bcb3bee51f1214d78eff8048c8a1ae88334a9e8" score = 75 quality = 75 
@@ -73218,8 +73218,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_79B42B21 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrig.yar#L80-L97"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrig.yar#L80-L97"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_db42871193960ea4c2cbe5f5040cbc1097d57d9e4dc291bcc77ed72b588311ab"
 score = 75
 quality = 75
@@ -73246,8 +73246,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_77Fbc695 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrig.yar#L99-L117"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrig.yar#L99-L117"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e723a2b976adddb01abb1101f2d3407b783067bec042a135b21b14d63bc18a68"
 logic_hash = "v1_sha256_af8e09cd5d6b7532af0c06273aa465cf6c40ad6c919a679fd09191a1c2a302f5"
 score = 75
@@ -73275,8 +73275,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_403B0A12 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrig.yar#L119-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrig.yar#L119-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "54d806b3060404ccde80d9f3153eebe8fdda49b6e8cdba197df0659c6724a52d"
 logic_hash = "v1_sha256_5b7662124eb980b11f88a50665292e7a405595f7ad85c5c448dd087ea096689a"
 score = 75
@@ -73304,8 +73304,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Bffa106B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrig.yar#L139-L156"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrig.yar#L139-L156"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_d7214ad9c4291205b50567d142d99b8a19a9cfa69d3cd0a644774c3a1adb6b49"
 score = 75
 quality = 75
@@ -73332,8 +73332,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_73Faf972 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrig.yar#L158-L176"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrig.yar#L158-L176"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "00e29303b66cb39a8bc23fe91379c087376ea26baa21f6b7f7817289ba89f655"
 logic_hash = "v1_sha256_a6a9d304d215302bf399c90ed0dd77a681796254c51a2a20e4a316dba43b387f"
 score = 75
@@ -73361,8 +73361,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Af809Eea : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrig.yar#L178-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrig.yar#L178-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "00e29303b66cb39a8bc23fe91379c087376ea26baa21f6b7f7817289ba89f655"
 logic_hash = "v1_sha256_4ae4b119a3eecfdb47a88fe5a89a4f79ae96eecf5d08eef08997357de7e6538a"
 score = 75
@@ -73390,8 +73390,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_9F6Ac00F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrig.yar#L198-L216"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrig.yar#L198-L216"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9cd58c1759056c0c5bbd78248b9192c4f8c568ed89894aff3724fdb2be44ca43"
 logic_hash = "v1_sha256_9fa8e7be5c35c9a649c42613d0d5d5cecff3d9c3e9a572e4be1ca661876748a5"
 score = 75
@@ -73419,8 +73419,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Dbcc9D87 : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrig.yar#L218-L236"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrig.yar#L218-L236"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "da9b8fb5c26e81fb3aed3b0bc95d855339fced303aae2af281daf0f1a873e585"
 logic_hash = "v1_sha256_b7fa60e32cb53484d8b76b13066eda1f2275ee2660ac2dc02b0078b921998e79"
 score = 75
@@ -73448,8 +73448,8 @@ rule ELASTIC_Linux_Trojan_Gognt_50C3D9Da : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gognt.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gognt.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "79602bc786edda7017c5f576814b683fba41e4cb4cf3f837e963c6d0d42c50ee"
 logic_hash = "v1_sha256_ecd9cd94b3bf8c50c347e70aab3da03ea6589530b20941a9f62dac501f8144fc"
 score = 75
@@ -73477,8 +73477,8 @@ rule ELASTIC_Linux_Trojan_Gognt_05B10F4B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gognt.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gognt.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e43aaf2345dbb5c303d5a5e53cd2e2e84338d12f69ad809865f20fd1a5c2716f"
 logic_hash = "v1_sha256_1dfc3417f75aa81aea5eda3d6da076f1cacf82dbfc039252b1d16f52b81a5a65"
 score = 75
@@ -73506,8 +73506,8 @@ rule ELASTIC_Macos_Hacktool_Jokerspy_58A6B26D : FILE MEMORY
 date = "2023-06-19"
 modified = "2023-06-19"
 reference = "https://www.elastic.co/security-labs/inital-research-of-jokerspy"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Macos_Hacktool_JokerSpy.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Macos_Hacktool_JokerSpy.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d895075057e491b34b0f8c0392b44e43ade425d19eaaacea6ef8c5c9bd3487d8"
 logic_hash = "v1_sha256_e9e1333c7172d5a0f06093a902edefd7f128963dbaadf77e829f032ccb04ce56"
 score = 75
@@ -73540,8 +73540,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_517Aac7D : FILE MEMORY
 date = "2022-02-28"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CyberGate.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CyberGate.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365"
 logic_hash = "v1_sha256_50e061d0c358655c03b95ccbe2d05e252501c3e6afd21dd20513019cd67e6147"
 score = 75
@@ -73573,8 +73573,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_9996D800 : FILE MEMORY
 date = "2022-02-28"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CyberGate.yar#L25-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CyberGate.yar#L25-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365"
 logic_hash = "v1_sha256_efefc171b6390c9792145973708358f62b18b8d0180feacaf5b9267563c3f7cc"
 score = 75
@@ -73602,8 +73602,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_C219A2F3 : FILE MEMORY
 date = "2023-05-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CyberGate.yar#L45-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CyberGate.yar#L45-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b7204f8caf6ace6ae1aed267de0ad6b39660d0e636d8ee0ecf88135f8a58dc42"
 logic_hash = "v1_sha256_8075892728c610c1ceacd0df54615d2a3e833d728d631a9bf81311e8c6485f6e"
 score = 75
@@ -73632,8 +73632,8 @@ rule ELASTIC_Linux_Hacktool_Aduh_6Cae7C78 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Aduh.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Aduh.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9c67207546ad274dc78a0819444d1c8805537f9ac36d3c53eba9278ed44b360c"
 logic_hash = "v1_sha256_130df108de5b6cdfb9227f96301bdaa1e272d47b8cb9ad96c3aa574bf65870b2"
 score = 75
@@ -73661,8 +73661,8 @@ rule ELASTIC_Windows_Vulndriver_Mhyprot_26214176 : FILE
 date = "2022-08-25"
 modified = "2022-08-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Mhyprot.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Mhyprot.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6"
 logic_hash = "v1_sha256_61d1713c689b9d663f2d3360d07735b07ca10365b5ce424b2df726bd6cc434d3"
 score = 75
@@ -73693,8 +73693,8 @@ rule ELASTIC_Multi_Hacktool_Gsocket_761D3A0F : FILE MEMORY
 date = "2024-09-20"
 modified = "2024-11-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Hacktool_Gsocket.yar#L1-L32"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Hacktool_Gsocket.yar#L1-L32"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "193efd61ae10f286d06390968537fa85e4df40995fd424d1afe426c089d172ab"
 logic_hash = "v1_sha256_6f60b63f406b42ac2a43cbe3afbbc98789504d7c6036d50f852a5bc4a6c46cef"
 score = 75
@@ -73735,8 +73735,8 @@ rule ELASTIC_Windows_Trojan_Eagerbee_7029Ba21 : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_EagerBee.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_EagerBee.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "09005775fc587ac7bf150c05352e59dc01008b7bf8c1d870d1cea87561aa0b06"
 logic_hash = "v1_sha256_874959361b14ba74e13e6e674da75c9bdb6b9475d8b286572825c940b41f679f"
 score = 75
@@ -73765,8 +73765,8 @@ rule ELASTIC_Windows_Trojan_Eagerbee_A64B323B : FILE MEMORY
 date = "2023-09-04"
 modified = "2023-09-20"
 reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_EagerBee.yar#L23-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_EagerBee.yar#L23-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "339e4fdbccb65b0b06a1421c719300a8da844789a2016d58e8ce4227cb5dc91b"
 logic_hash = "v1_sha256_e1c25cf8ce0ff434727c9104c6b79110ff5cfa84eb3e939119fd05cf676727c6"
 score = 75
@@ -73797,8 +73797,8 @@ rule ELASTIC_Linux_Trojan_Lala_51Deb1F9 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Lala.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Lala.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f3af65d3307fbdc2e8ce6e1358d1413ebff5eeb5dbedc051394377a4dabffa82"
 logic_hash = "v1_sha256_73a7ec230be9aabcc301095c9c075f839852155419bdd8d5542287f34699ab33"
 score = 75
@@ -73826,8 +73826,8 @@ rule ELASTIC_Windows_Trojan_Bitrat_34Bd6C83 : FILE MEMORY
 date = "2021-06-13"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Bitrat.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Bitrat.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "37f70ae0e4e671c739d402c00f708761e98b155a1eefbedff1236637c4b7690a"
 logic_hash = "v1_sha256_d386fc2a4b6a98638328d1aa05a8d8dbb7a1bbcd72943457b1a5a27b056744ef"
 score = 75
@@ -73859,8 +73859,8 @@ rule ELASTIC_Windows_Trojan_Bitrat_54916275 : FILE MEMORY
 date = "2022-08-29"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Bitrat.yar#L25-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Bitrat.yar#L25-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d3b2c410b431c006c59f14b33e95c0e44e6221b1118340c745911712296f659f"
 logic_hash = "v1_sha256_4c66f79f4bf6bde49bfb9208e6dc1d3b5d041927565e7302381838b0f32da6f4"
 score = 75
@@ -73888,8 +73888,8 @@ rule ELASTIC_Linux_Trojan_Mumblehard_523450Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mumblehard.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mumblehard.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a637ea8f070e1edf2c9c81450e83934c177696171b24b4dff32dfb23cefa56d3"
 logic_hash = "v1_sha256_60b4cc388975ce030e03c5c3a48adcfeec25299105206909163f20100fbf45d8"
 score = 75
@@ -73917,8 +73917,8 @@ rule ELASTIC_Windows_Hacktool_Sharpstay_Eac706C5 : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpStay.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpStay.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "498d201f65b57a007a79259ce7015eb7eb1bba660d44deafea716e36316a9caa"
 logic_hash = "v1_sha256_b85679018658e33e81cd2589e9f99cf9ed16ac25b27d93bece26cb5ccc2e379a"
 score = 75
@@ -73950,8 +73950,8 @@ rule ELASTIC_Windows_Trojan_Pipedance_01C18057 : FILE MEMORY
 date = "2023-02-02"
 modified = "2023-02-22"
 reference = "https://www.elastic.co/security-labs/twice-around-the-dance-floor-with-pipedance"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_PipeDance.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_PipeDance.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9d3f739e35182992f1e3ade48b8999fb3a5049f48c14db20e38ee63eddc5a1e7"
 logic_hash = "v1_sha256_0c03a725ae930eb829d6a6a9f681489d61aa7f69e72b6b298776f75a98115398"
 score = 75
@@ -73986,8 +73986,8 @@ rule ELASTIC_Linux_Trojan_Ganiw_99349371 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ganiw.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ganiw.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e8dbb246fdd1a50226a36c407ac90eb44b0cf5e92bf0b92c89218f474f9c2afb"
 logic_hash = "v1_sha256_26160e855c63fc0b73e415de2fe058f2005df1ec5544d21865d022c5474df30c"
 score = 75
@@ -74015,8 +74015,8 @@ rule ELASTIC_Linux_Trojan_Ganiw_B9F045Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ganiw.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ganiw.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_2565101b261bee22ddecf6898ff0ac8a114d09c822d8db26ba3e3571ebe06b12"
 score = 75
 quality = 75
@@ -74043,8 +74043,8 @@ rule ELASTIC_Linux_Trojan_Dnsamp_C31Eebd4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Dnsamp.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Dnsamp.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4b86de97819a49a90961d59f9c3ab9f8e57e19add9fe1237d2a2948b4ff22de6"
 logic_hash = "v1_sha256_b998065eff9f67a1cdf19644a13edb0cef3c619d8b6e16c412d58f5d538e4617"
 score = 75
@@ -74072,8 +74072,8 @@ rule ELASTIC_Multi_Generic_Threat_19854Dc2 : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Generic_Threat.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Generic_Threat.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "be216fa9cbf0b64d769d1e8ecddcfc3319c7ca8e610e438dcdfefc491730d208"
 logic_hash = "v1_sha256_beed6d6cd7b7b6eb3f4ab6a45fd19f2ebfb661e470d468691b68634994e2eef7"
 score = 75
@@ -74101,8 +74101,8 @@ rule ELASTIC_Linux_Trojan_Sdbot_98628Ea1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sdbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sdbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5568ae1f8a1eb879eb4705db5b3820e36c5ecea41eb54a8eef5b742f477cbdd8"
 logic_hash = "v1_sha256_55b8e3fa755965b85a043015f9303644b8e06fe8bfdc0e2062de75bdc2881541"
 score = 75
@@ -74130,8 +74130,8 @@ rule ELASTIC_Windows_Vulndriver_Elrawdisk_F9Fd1A80 : FILE
 date = "2022-10-07"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_ElRawDisk.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_ElRawDisk.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ed4f2b3db9a79535228af253959a0749b93291ad8b1058c7a41644b73035931b"
 logic_hash = "v1_sha256_43f9f1f6ad6c1defe2f0d6dd0cd380bea1a8ead19bc0bf203bdfe4f83b9c284d"
 score = 75
@@ -74159,8 +74159,8 @@ rule ELASTIC_Multi_Trojan_Sliver_42298C4A : FILE MEMORY
 date = "2021-10-20"
 modified = "2022-01-14"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Trojan_Sliver.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Trojan_Sliver.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007"
 logic_hash = "v1_sha256_a84bdb51fcdeb4629365bdb727b53087604ee0eb112c8d6c3ecf315598ec678a"
 score = 75
@@ -74194,8 +74194,8 @@ rule ELASTIC_Multi_Trojan_Sliver_3Bde542D : FILE MEMORY
 date = "2022-08-31"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Trojan_Sliver.yar#L27-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Trojan_Sliver.yar#L27-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "05461e1c2a2e581a7c30e14d04bd3d09670e281f9f7c60f4169e9614d22ce1b3"
 logic_hash = "v1_sha256_23a0e28c1423f577a147efdf927f2dc71871760e38d4d7494ead2920b90ef05e"
 score = 75
@@ -74228,8 +74228,8 @@ rule ELASTIC_Multi_Trojan_Sliver_3D6B7Cd3 : FILE MEMORY
 date = "2022-12-01"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Trojan_Sliver.yar#L52-L88"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Trojan_Sliver.yar#L52-L88"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9846124cfd124eed466465d187eeacb4d405c558dd84ba8e575d8a7b3290403e"
 logic_hash = "v1_sha256_3cbd3358b7d59d6a2912069f4cb8de005b6fafd61e44111d1f6cf0418eb2d1fc"
 score = 75
@@ -74275,8 +74275,8 @@ rule ELASTIC_Windows_PUP_Mediaarena_A9E3B4A1 : FILE MEMORY
 date = "2023-06-02"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_PUP_MediaArena.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_PUP_MediaArena.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c071e0b67e4c105c87b876183900f97a4e8bc1a7c18e61c028dee59ce690b1ac"
 logic_hash = "v1_sha256_8e52b29f2848498aae2fd7ad35494362d6c07f0e752b628840a256923aca32c7"
 score = 75
@@ -74310,8 +74310,8 @@ rule ELASTIC_Multi_EICAR_Ac8F42D6 : FILE MEMORY
 date = "2021-01-21"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_EICAR.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_EICAR.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_05c92058aab1229dfa31e006276c2c83fa484e813bdfe66edf387763797d9d57"
 score = 75
 quality = 25
@@ -74338,8 +74338,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_53Df500F : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Virus_Maxofferdeal.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Virus_Maxofferdeal.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ecd62ef880da057726ca55c6826ce4e1584ec6fc3afaabed7f66154fc39ffef8" logic_hash = "v1_sha256_ed63c14e31c200f906b525c7ef1cd671511a89c8833cfa1a605fc9870fe91043" score = 75 @@ -74367,8 +74367,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_F4681Eba : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Virus_Maxofferdeal.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Virus_Maxofferdeal.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ecd62ef880da057726ca55c6826ce4e1584ec6fc3afaabed7f66154fc39ffef8" logic_hash = "v1_sha256_cf478ec5313b40d74d110e4d6e97da5f671d5af331adc3ab059a69616e78c76c" score = 75 
@@ -74396,8 +74396,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_4091E373 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Virus_Maxofferdeal.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Virus_Maxofferdeal.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c38c4bdd3c1fa16fd32db06d44d0db1b25bb099462f8d2936dbdd42af325b37c" logic_hash = "v1_sha256_ce82f6d3a2e4b7ffe7010629bf91a9144a94e50513682a6c0622603d28248d51" score = 75 @@ -74425,8 +74425,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_20A0091E : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Virus_Maxofferdeal.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Virus_Maxofferdeal.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b00a61c908cd06dbc26bee059ba290e7ce2ad6b66c453ea272c7287ffa29c5ab" logic_hash = "v1_sha256_bb90b7e1637fd86e91763b4801a0b3bb8a1b956f328d07e96cf1b26e42b1931b" score = 75 
@@ -74454,8 +74454,8 @@ rule ELASTIC_Linux_Webshell_Generic_E80Ff633 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Webshell_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Webshell_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7640ba6f2417931ef901044152d5bfe1b266219d13b5983d92ddbdf644de5818" logic_hash = "v1_sha256_d345e6ce3e51ed55064aafb1709e9bee7ef2ce87ec80165ac1b58eebd83cefee" score = 75 @@ -74483,8 +74483,8 @@ rule ELASTIC_Linux_Webshell_Generic_41A5Fa40 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "18ac7fbc3d8d3bb8581139a20a7fee8ea5b7fcfea4a9373e3d22c71bae3c9de0" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Webshell_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Webshell_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_574148bc58626aac00add1989c65ad56315c7e2a8d27c7b96be404d831a7a576" score = 75 quality = 73 
@@ -74511,8 +74511,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_4557_B7E15F5E : FILE MEMORY CVE_2016_4557 date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_4557.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_4557.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bbed2f81104b5eb4a8475deff73b29a350dc8b0f96dcc4987d0112b993675271" logic_hash = "v1_sha256_9c40233fec9607404ca4f78313e0f62922180e5ef88dbf801dd60725af61bdde" score = 75 @@ -74540,8 +74540,8 @@ rule ELASTIC_Linux_Trojan_Skidmap_Aa7B661D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Skidmap.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Skidmap.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4282ba9b7bee69d42bfff129fff45494fb8f7db0e1897fc5aa1e4265cb6831d9" logic_hash = "v1_sha256_aa976158d004d582234a92ff648d4581440f9c933a0abef212d9d837d9607ba4" score = 75 
@@ -74569,8 +74569,8 @@ rule ELASTIC_Linux_Trojan_Skidmap_52Fb8489 : FILE MEMORY date = "2024-11-13" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Skidmap.yar#L21-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Skidmap.yar#L21-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4282ba9b7bee69d42bfff129fff45494fb8f7db0e1897fc5aa1e4265cb6831d9" logic_hash = "v1_sha256_9d199666f36a703b77d6b2a47e8d2065c25746a5776df63f5bfacb912afa582b" score = 75 @@ -74616,8 +74616,8 @@ rule ELASTIC_Linux_Trojan_Backegmm_B59712E6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Backegmm.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Backegmm.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d6c8e15cb65102b442b7ee42186c58fa69cd0cb68f4fd47eb5ad23763371e0be" logic_hash = "v1_sha256_a2e6016bfd8475880c28c89b5f5beeef1335de9529d44bbe7c5aaa352aab9a29" score = 75 
@@ -74645,8 +74645,8 @@ rule ELASTIC_Linux_Trojan_Roopre_B6B9E71D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Roopre.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Roopre.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "36ae2bf773135fdb0ead7fbbd46f90fd41d6f973569de1941c8723158fc6cfcc" logic_hash = "v1_sha256_32294e476a014a919d2d738bdc940a7fc5f91e1b13c005f164a5b6bf84eb2635" score = 75 @@ -74674,8 +74674,8 @@ rule ELASTIC_Linux_Trojan_Roopre_05F7F237 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Roopre.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Roopre.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "36ae2bf773135fdb0ead7fbbd46f90fd41d6f973569de1941c8723158fc6cfcc" logic_hash = "v1_sha256_12e14ac31932033f2448b7a3bfd6ce826fff17494547ac4baefb20f6713baf5f" score = 75 
@@ -74703,8 +74703,8 @@ rule ELASTIC_Windows_Clickfraud_Luckyslots_A82433B6 : FILE MEMORY date = "2024-08-21" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Clickfraud_LuckySlots.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Clickfraud_LuckySlots.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6503770b34c53025793f1674af87d80a8f6ed44b5780490796012a2b771b8f84" logic_hash = "v1_sha256_342dafb67ae8557de66ac810482e2747ae88c76f07c244f1a465351fcc72cab9" score = 75 @@ -74738,8 +74738,8 @@ rule ELASTIC_Linux_Backdoor_Python_00606Bac : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Backdoor_Python.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Backdoor_Python.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b3e3728d43535f47a1c15b915c2d29835d9769a9dc69eb1b16e40d5ba1b98460" logic_hash = "v1_sha256_92ad2cf4aa848c8f3bcedd319654bf5ef873cd4daba62572381c7e20f0296b82" score = 75 
@@ -74767,8 +74767,8 @@ rule ELASTIC_Windows_Trojan_Asyncrat_11A11Ba1 : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Asyncrat.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Asyncrat.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1" logic_hash = "v1_sha256_c6c4ce9ccf01c280be6c25c0c82c34b601626bc200b84d3e77b08be473335d3d" score = 75 @@ -74801,8 +74801,8 @@ rule ELASTIC_Windows_Trojan_M0Yv_92F66467 : FILE MEMORY date = "2023-05-03" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_M0yv.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_M0yv.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0004d22dd18c0239b722c085101c0a32b967159e2066a0b7b9104bb43f5cdea0" logic_hash = "v1_sha256_a47b20679aee9559213de22783cfbc55c6091785e4dc288349963e863b78cf41" score = 75 
@@ -74832,8 +74832,8 @@ rule ELASTIC_Windows_Trojan_Whispergate_9192618B : FILE MEMORY date = "2022-01-17" modified = "2022-01-17" reference = "https://www.elastic.co/security-labs/operation-bleeding-bear" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_WhisperGate.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_WhisperGate.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78" logic_hash = "v1_sha256_28bb08d61d99d2bfc49ba18cdbabc34c31a715ae6439ab25bbce8cc6958ed381" score = 75 @@ -74865,8 +74865,8 @@ rule ELASTIC_Linux_Exploit_Intfour_0Ca45Cd3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Intfour.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Intfour.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9d32c5447aa5182b4be66b7a283616cf531a2fd3ba3dde1bc363b24d8b22682f" logic_hash = "v1_sha256_088d8daa9ba4f53c8de229282ed8a7b30b1e567687e7807ac6c3df9524dabba9" score = 75 
@@ -74894,8 +74894,8 @@ rule ELASTIC_Linux_Downloader_Generic_0Bd15Ae0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Downloader_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Downloader_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e511efb068e76a4a939c2ce2f2f0a089ef55ca56ee5f2ba922828d23e6181f09" logic_hash = "v1_sha256_c9558562d9e9d3b55bd1fba9e55b332e6b4db5a170e0dd349bef1e35f0c7fd21" score = 75 @@ -74923,8 +74923,8 @@ rule ELASTIC_Windows_Trojan_Rudebird_3Cbf7Bc6 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_RudeBird.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_RudeBird.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_2095c3b6bde779b5661c7796b5e33bb0c43facf791b272a603b786f889a06a95" score = 75 quality = 75 
@@ -74951,8 +74951,8 @@ rule ELASTIC_Linux_Cryptominer_Bscope_348B7Fa0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Bscope.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Bscope.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a6fb80d77986e00a6b861585bd4e573a927e970fb0061bf5516f83400ad7c0db" logic_hash = "v1_sha256_bc6a59dcc36676273c61fa71231fd8709884beebb7ab64b58f22551393b20c71" score = 75 @@ -74980,8 +74980,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_4De7B584 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Earthworm.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Earthworm.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9d61aabcf935121b4f7fc6b0d082d7d6c31cb43bf253a8603dd46435e66b7955" logic_hash = "v1_sha256_019b2504df192e673f96a86464bb5e8ba5e89190e51bfe7d702753f76c00b979" score = 75 
@@ -75009,8 +75009,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_E3Da43E2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Earthworm.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Earthworm.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "da0cffc4222d11825778fe4fa985fef2945caa0cc3b4de26af0a06509ebafb21" logic_hash = "v1_sha256_b129b7060b6af4ff2aae2678a455b969579132891fba44e4fdc2481a5437bdf9" score = 60 @@ -75038,8 +75038,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_82D5C4Cf : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Earthworm.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Earthworm.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dc412d4f2b0e9ca92063a47adfb0657507d3f2a54a415619db5a7ccb59afb204" logic_hash = "v1_sha256_81f35293bd3dd0cfbbf67f036773e16625bb74e06320fa1fff5bc428ef2f3a43" score = 60 
@@ -75067,8 +75067,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_4Ec2Ec63 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Earthworm.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Earthworm.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dc412d4f2b0e9ca92063a47adfb0657507d3f2a54a415619db5a7ccb59afb204" logic_hash = "v1_sha256_25f616c5440a48aef0f824cb6859e88787db4f42c1ec904a3d3bd72f3a64116e" score = 75 @@ -75096,8 +75096,8 @@ rule ELASTIC_Windows_Hacktool_Darkloadlibrary_C25Ee4Eb : FILE MEMORY date = "2022-12-02" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_DarkLoadLibrary.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_DarkLoadLibrary.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5546194a71bc449789c3697f9c106860ac0a21e1ccf2b1196120b3f92f4b5306" logic_hash = "v1_sha256_c585abbe72834e9ba2e5f1c8070a43b0f10c2b574c72ffe1def4bfd431096415" score = 75 
@@ -75135,8 +75135,8 @@ rule ELASTIC_Linux_Rootkit_Generic_61229Bdf : FILE MEMORY date = "2024-11-14" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Generic.yar#L1-L74" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Generic.yar#L1-L74" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_624c599a073c59f9c7f7c7492053470e4aafd1735519bf2c3eef290999e4e4ad" score = 75 quality = 50 @@ -75219,8 +75219,8 @@ rule ELASTIC_Linux_Rootkit_Generic_482Bca48 : FILE MEMORY date = "2024-11-14" modified = "2024-12-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Generic.yar#L76-L116" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Generic.yar#L76-L116" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_5b73588523e7ae66e9346c1b7a078cc04fab42672c8d2ff5900d4346385143c7" score = 75 quality = 73 
@@ -75270,8 +75270,8 @@ rule ELASTIC_Linux_Rootkit_Generic_D0C5Cfe0 : FILE MEMORY date = "2024-11-14" modified = "2024-12-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Generic.yar#L118-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Generic.yar#L118-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_e5d7e5a7147724f3c6baa3697ab51ed105d34ffbd7a14dec22a95181a6361d5f" score = 75 quality = 73 @@ -75322,8 +75322,8 @@ rule ELASTIC_Linux_Rootkit_Generic_F07Bcabe : FILE MEMORY date = "2024-12-02" modified = "2024-12-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Generic.yar#L161-L180" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Generic.yar#L161-L180" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_2e63ceede0347ad6cf80f9a0d8acce42c8b34bd1a549cfc20993af76f780dd2f" score = 75 quality = 75 
@@ -75352,8 +75352,8 @@ rule ELASTIC_Linux_Cryptominer_Attribute_3683D149 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Attribute.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Attribute.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ec9e74d52d745275718fe272bfd755335739ad5f680f73f5a4e66df6eb141a63" logic_hash = "v1_sha256_71aa8aa4171671af4aa0271b64da95ac1d8766de12a949c97ebcac9369224ecd" score = 75 @@ -75381,8 +75381,8 @@ rule ELASTIC_Windows_Ransomware_Akira_C8C298Ba : FILE MEMORY date = "2024-05-02" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Akira.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Akira.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a2df5477cf924bd41241a3326060cc2f913aff2379858b148ddec455e4da67bc" logic_hash = "v1_sha256_9058c83693e93f6daee8894453e56e0d9a4867d551ec3a6b66d7a517f65d8b07" score = 75 
@@ -75415,8 +75415,8 @@ rule ELASTIC_Windows_Ransomware_Snake_550E0265 : BETA FILE MEMORY date = "2020-06-30" modified = "2021-08-23" reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Snake.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Snake.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_d9c2f6961a4ef560743060ed176bdc606561ca1b8270b8826cb0dbadaf4e5dbc" score = 75 quality = 75 @@ -75448,8 +75448,8 @@ rule ELASTIC_Windows_Ransomware_Snake_119F9C83 : BETA FILE MEMORY date = "2020-06-30" modified = "2021-08-23" reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Snake.yar#L26-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Snake.yar#L26-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_cf6c81e7332acc798409a05a548460bad0ac3621402672c242e48a1b6bccdae6" score = 75 quality = 75 
@@ -75478,8 +75478,8 @@ rule ELASTIC_Windows_Ransomware_Snake_20Bc5Abc : BETA FILE MEMORY date = "2020-06-30" modified = "2021-08-23" reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Snake.yar#L48-L67" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Snake.yar#L48-L67" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_f3d8a523e04e516e8e059c9f13df355e6caf29a528cfebdf730e3a7d135e3351" score = 75 quality = 75 @@ -75507,8 +75507,8 @@ rule ELASTIC_Windows_Trojan_Fickerstealer_Cc02E75E : FILE MEMORY date = "2021-07-22" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Fickerstealer.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Fickerstealer.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a4113ccb55e06e783b6cb213647614f039aa7dbb454baa338459ccf37897ebd6" logic_hash = "v1_sha256_ccfd7edf7625c13eea5b88fa29f9b8d3d873688f328f3e52c0500ac722c84511" score = 75 
@@ -75537,8 +75537,8 @@ rule ELASTIC_Windows_Trojan_Fickerstealer_F2159Bec : FILE MEMORY date = "2021-07-22" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Fickerstealer.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Fickerstealer.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a4113ccb55e06e783b6cb213647614f039aa7dbb454baa338459ccf37897ebd6" logic_hash = "v1_sha256_d36cb90b526a291858291d615272baa78881309c83376f4d4cce1768c740ddbc" score = 75 @@ -75566,8 +75566,8 @@ rule ELASTIC_Linux_Ransomware_Redalert_39642D52 : FILE MEMORY date = "2022-07-06" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_RedAlert.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_RedAlert.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "039e1765de1cdec65ad5e49266ab794f8e5642adb0bdeb78d8c0b77e8b34ae09" logic_hash = "v1_sha256_fa8fc16f0c8a55dd78781d334d7f55db6aa5e60f76cebf5282150af8ceb08dc3" score = 75 
@@ -75599,8 +75599,8 @@ rule ELASTIC_Macos_Backdoor_Useragent_1A02Fc3A : FILE MEMORY date = "2021-11-11" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Backdoor_Useragent.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Backdoor_Useragent.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "623f99cbe20af8b79cbfea7f485d47d3462d927153d24cac4745d7043c15619a" logic_hash = "v1_sha256_90debdfc24ef100952302808a2e418bca2a46be3e505add9a0ccf4c49aff5102" score = 75 @@ -75632,8 +75632,8 @@ rule ELASTIC_Windows_Trojan_Xeno_F92Ffb82 : FILE MEMORY date = "2024-10-10" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Xeno.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Xeno.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "22dbdbcdd4c8b6899006f9f07e87c19b6a2947eeff8cc89c653309379b388cf4" logic_hash = "v1_sha256_17d5107b297c150cf737382c175e491e6bc4b17b2db583ff193f4acd40fdd459" score = 75 
@@ -75661,8 +75661,8 @@ rule ELASTIC_Windows_Trojan_Xeno_89F9F060 : FILE MEMORY date = "2024-10-25" modified = "2024-11-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Xeno.yar#L21-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Xeno.yar#L21-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b74733d68e95220ab0630a68ddf973b0c959fd421628e639c1b91e465ba9299b" logic_hash = "v1_sha256_a98bf8d1411449b41f0e35d368de3355ace837d9a406eee4f8fb087737eb283e" score = 75 @@ -75696,8 +75696,8 @@ rule ELASTIC_Windows_Trojan_Caesarkbd_32Bb198B : FILE date = "2022-04-04" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CaesarKbd.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CaesarKbd.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d4335f4189240a3bcafa05fab01f0707cc8e3dd7a2998af734c24916d9e37ca8" logic_hash = "v1_sha256_f708706524515f98ebf612ac98318ee7172347096251d9ccd723f439070521de" score = 75 
@@ -75725,8 +75725,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_48Bb4B2C : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_XTier.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_XTier.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0f726d8ce21c0c9e01ebe6b55913c519ad6086bcaec1a89f8308f3effacd435f" logic_hash = "v1_sha256_fd6ae610a4d2cbf02aae2302d181d07780e723ac7e61b5aa3fd18ba834160729" score = 75 @@ -75756,8 +75756,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_8A2F6Dc1 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_XTier.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_XTier.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3" logic_hash = "v1_sha256_90e1efd9d918f15459dd3fabb4737cbdeded66da1d556becca051bdda5867c11" score = 75 
@@ -75787,8 +75787,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_F4760D4A : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_XTier.yar#L45-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_XTier.yar#L45-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0e14a4401011a9f4e444028ac5b1595da34bbbf9af04a00670f15ff839734003" logic_hash = "v1_sha256_dc83771e08b8530bf138782ba8c7724e7ecff40c973407a7f654346302a284d5" score = 75 @@ -75818,8 +75818,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_6A7De49F : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_XTier.yar#L67-L87" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_XTier.yar#L67-L87" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "26c86227d3f387897c1efd77dc711eef748eb90be84149cb306e3d4c45cc71c7" logic_hash = "v1_sha256_de0d25377103d50b33a95a804b9c3eb9ef221d56fa1dfda0a32f14dcd95ee4b1" score = 75 
@@ -75849,8 +75849,8 @@ rule ELASTIC_Linux_Backdoor_Bash_E427876D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Backdoor_Bash.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Backdoor_Bash.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b" logic_hash = "v1_sha256_fdd066b746416730419787d21eb53fa2ba997679a237d9db3a2e1365d43df892" score = 75 @@ -75878,8 +75878,8 @@ rule ELASTIC_Windows_Hacktool_Certify_Ffe1Cca2 : FILE MEMORY date = "2024-03-27" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Certify.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Certify.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3c7f759a6c38d0c0780fba2d43be6dcf9e4869d54b66f16c0703ec8e58124953" logic_hash = "v1_sha256_e1d37ad683bfbe34433dc5e13ae2cf7c873fed640e1c58a3b0274b4b34900e53" score = 75 
@@ -75915,8 +75915,8 @@ rule ELASTIC_Linux_Rootkit_Reptile_B2Ccf852 : FILE MEMORY date = "2024-11-13" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Reptile.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Reptile.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "331494780c1869e8367c3e16a2b99aeadc604c73b87f09a01dda00ade686675b" logic_hash = "v1_sha256_efb4c0a9894e09b5a2a614a02810524e66b21f00b76ad583cc1eb551f4a73dcc" score = 75 @@ -75948,8 +75948,8 @@ rule ELASTIC_Linux_Rootkit_Reptile_C9F8806D : FILE MEMORY date = "2024-11-13" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Reptile.yar#L25-L53" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Reptile.yar#L25-L53" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "331494780c1869e8367c3e16a2b99aeadc604c73b87f09a01dda00ade686675b" logic_hash = "v1_sha256_de1f8dc139ca506581119edcbd8d9b19576b0522e86b7f36713538f67a235446" score = 75 
@@ -75987,8 +75987,8 @@ rule ELASTIC_Linux_Rootkit_Reptile_Eb201301 : FILE MEMORY date = "2024-11-13" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Reptile.yar#L55-L92" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Reptile.yar#L55-L92" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "331494780c1869e8367c3e16a2b99aeadc604c73b87f09a01dda00ade686675b" logic_hash = "v1_sha256_665c791cdcdc3aed7b9dcd6b839b12e3f9a838bef54c698b5d353b44922ea87c" score = 75 @@ -76035,8 +76035,8 @@ rule ELASTIC_Linux_Rootkit_Reptile_85Abf958 : FILE MEMORY date = "2024-11-13" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Reptile.yar#L94-L118" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Reptile.yar#L94-L118" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "331494780c1869e8367c3e16a2b99aeadc604c73b87f09a01dda00ade686675b" logic_hash = "v1_sha256_955dc251eeec64216eafa5c1ff7574e2ee96e72413b689ba147de9fbfc994864" score = 75 
@@ -76070,8 +76070,8 @@ rule ELASTIC_Linux_Cryptominer_Ksmdbot_Ebeedb3C : FILE MEMORY date = "2022-12-14" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Ksmdbot.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Ksmdbot.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b927e0fe58219305d86df8b3e44493a7c854a6ea4f76d1ebe531a7bfd4365b54" logic_hash = "v1_sha256_67f97cc4f2886ed296b5b3827dc1d1792136ba8d9d27c20b677c9467618c879d" score = 75 @@ -76103,8 +76103,8 @@ rule ELASTIC_Windows_Vulndriver_Iobitunlocker_Defb90Fd : FILE date = "2023-07-25" modified = "2023-07-25" reference = "https://theevilbit.github.io/posts/iobit_unlocker_lpe/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_IoBitUnlocker.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_IoBitUnlocker.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0aff83f28d70f425539fee3d6a780210d0406264f8a4eb124e32b074e8ffd556" hash = "5ce1a8eac73ef1d0741f34d9fb2661da322117a63bffe60ccad092da89664c42" logic_hash = "v1_sha256_4b0f440c66b7c9a193f0d6675c2a4246036ebc5c0c83856f45ec40a041e9cd07" 
@@ -76137,8 +76137,8 @@ rule ELASTIC_Windows_Trojan_Bumblebee_35F50Bea : FILE MEMORY date = "2022-04-28" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Bumblebee.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Bumblebee.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9fff05a5aa9cbbf7d37bc302d8411cbd63fb3a28dc6f5163798ae899b9edcda6" logic_hash = "v1_sha256_9f22b1b7f9e2d7858738d02730ef5477f8d430ad3606ebf4ac8b01314fdc9c46" score = 75 @@ -76167,8 +76167,8 @@ rule ELASTIC_Windows_Trojan_Bumblebee_70Bed4F3 : FILE MEMORY date = "2022-04-28" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Bumblebee.yar#L22-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Bumblebee.yar#L22-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9fff05a5aa9cbbf7d37bc302d8411cbd63fb3a28dc6f5163798ae899b9edcda6" logic_hash = "v1_sha256_3ff97986bfd8df812c4ef94395b3ac7f9ead4d059c398f8984ee217a1bcee4af" score = 75 
@@ -76202,8 +76202,8 @@ rule ELASTIC_Windows_Trojan_Spectralviper_43Abeeeb : FILE MEMORY date = "2023-04-13" modified = "2023-05-26" reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SpectralViper.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SpectralViper.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7e35ba39c2c77775b0394712f89679308d1a4577b6e5d0387835ac6c06e556cb" logic_hash = "v1_sha256_976e5b5b4ba73f1b392c2f6b32a86b09b5fd9e5a3510c60b77a39f1e0d705822" score = 75 @@ -76238,8 +76238,8 @@ rule ELASTIC_Windows_Trojan_Spectralviper_368C36A0 : FILE MEMORY date = "2023-05-10" modified = "2023-05-10" reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SpectralViper.yar#L29-L53" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SpectralViper.yar#L29-L53" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d1c32176b46ce171dbce46493eb3c5312db134b0a3cfa266071555c704e6cff8" logic_hash = "v1_sha256_6182bde93e18dc6a83a94b50b193f5f29ed9abfa89b53c290818e7dab5bbb334" score = 75 
@@ -76272,8 +76272,8 @@ rule ELASTIC_Windows_Trojan_Downtown_901C4Fdd : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DownTown.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DownTown.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_6368d37fa9ba4e32131e16bceaee322f2fa8507873d01ebd687536e593354725" score = 75 quality = 75 @@ -76302,8 +76302,8 @@ rule ELASTIC_Windows_Trojan_Downtown_145Ecd2F : FILE MEMORY date = "2023-08-23" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DownTown.yar#L23-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DownTown.yar#L23-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_744a51c5317e265177185d9d0b8838a8fc939b4c56cc5e5bc51d5432d046d9f1" score = 75 quality = 75 
@@ -76333,8 +76333,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_9130C0F3 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Thiefquest.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Thiefquest.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bed3561210e44c290cd410adadcdc58462816a03c15d20b5be45d227cd7dca6b" logic_hash = "v1_sha256_20e9ea15a437a17c4ef68f2472186f6d1ab3118d5b392f84fcb2bd376ec3863a" score = 75 @@ -76365,8 +76365,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_Fc2E1271 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Thiefquest.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Thiefquest.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923" logic_hash = "v1_sha256_a20c76e53874fc0fec5fd2660c63c6f1e7c1b2055cbd2a9efdfd114cd6bdda5c" score = 75 
@@ -76394,8 +76394,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_86F9Ef0C : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Thiefquest.yar#L44-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Thiefquest.yar#L44-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "59fb018e338908eb69be72ab11837baebf8d96cdb289757f1f4977228e7640a0" logic_hash = "v1_sha256_426d533d39e594123f742b15d0a93ded986b9b308685f7b2cfaf5de0b32cdbff" score = 75 @@ -76423,8 +76423,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_40F9C1C3 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Thiefquest.yar#L64-L82" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Thiefquest.yar#L64-L82" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e402063ca317867de71e8e3189de67988e2be28d5d773bbaf75618202e80f9f6" logic_hash = "v1_sha256_546edc2d6d715eac47e7a8d3ceb91cf314fa6dbee04f0475a5c4a84ba53fd722" score = 75 
@@ -76452,8 +76452,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_0F9Fe37C : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Thiefquest.yar#L84-L102" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Thiefquest.yar#L84-L102" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923" logic_hash = "v1_sha256_84f9e8938d7e2b0210003fc8334b8fa781a40afffeda8d2341970b84ed5d3b5a" score = 75 @@ -76481,8 +76481,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_1F4Bac78 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Thiefquest.yar#L104-L122" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Thiefquest.yar#L104-L122" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923" logic_hash = "v1_sha256_96db33e135138846f978026867bb2536226539997d060f41e7081f7f29b66c85" score = 75 
@@ -76510,8 +76510,8 @@ rule ELASTIC_Linux_Ransomware_Blacksuit_9F53E7E5 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_BlackSuit.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_BlackSuit.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1c849adcccad4643303297fb66bfe81c5536be39a87601d67664af1d14e02b9e" logic_hash = "v1_sha256_121e0139385cfef5dff394c4ea36d950314b00c6d7021cf2ca667ee942e74763" score = 75 @@ -76541,8 +76541,8 @@ rule ELASTIC_Macos_Trojan_Generic_A829D361 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5b2a1cd801ae68a890b40dbd1601cdfeb5085574637ae8658417d0975be8acb5" logic_hash = "v1_sha256_70a954e8b44b1ce46f5ce0ebcf43b46e1292f0b8cdb46aa67f980d3c9b0a6f61" score = 75 
@@ -76570,8 +76570,8 @@ rule ELASTIC_Windows_Exploit_CVE_2022_38028_31Fdb122 : FILE MEMORY CVE_2022_3802 date = "2024-06-06" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Exploit_CVE_2022_38028.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Exploit_CVE_2022_38028.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6b311c0a977d21e772ac4e99762234da852bbf84293386fbe78622a96c0b052f" logic_hash = "v1_sha256_df0ef11ce8e840c331d1db8f98917367dc2a33b6f1be48adb9d0b86729ecbe99" score = 75 @@ -76599,8 +76599,8 @@ rule ELASTIC_Macos_Trojan_Rustbucket_E64F7A92 : FILE MEMORY date = "2023-06-26" modified = "2023-06-29" reference = "https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_RustBucket.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_RustBucket.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9ca914b1cfa8c0ba021b9e00bda71f36cad132f27cf16bda6d937badee66c747" logic_hash = "v1_sha256_bd6005d72faba6aaeebdcbd8c771995cbfc667faf01eb93825afe985954a47fc" score = 75 
@@ -76630,8 +76630,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_D13544D7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "85fa30ba59602199fd99463acf50bd607e755c2e18cd8843ffcfb6b1aca24bb3" logic_hash = "v1_sha256_fcb2fc7a84fbcd23f9a9d9fd2750c45ff881689670a373fce0cc444183d11999" score = 75 @@ -76659,8 +76659,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Ad09E090 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa" logic_hash = "v1_sha256_6c2d548ba9f01444e8fe4b0aa8a0556970acac06d39bb7c87446b6b91ab0d129" score = 75 
@@ -76688,8 +76688,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_12299814 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "eb3802496bd2fef72bd2a07e32ea753f69f1c2cc0b5a605e480f3bbb80b22676" logic_hash = "v1_sha256_52e8bcd0512cedf0fa048b6990a5d331f4302d99b00681c83a76587415894b1e" score = 75 @@ -76717,8 +76717,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_A47B77E4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "995b43ccb20343494e314824343a567fd85f430e241fdeb43704d9d4937d76cc" logic_hash = "v1_sha256_bd2b14c8b8e2649af837224fadb32bf0fb67ac403189063a8cb10ad344fb8015" score = 75 
@@ -76746,8 +76746,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_21D0550B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b" logic_hash = "v1_sha256_c9a12eee281b1e944b5572142c5e18ff087989f45026a94268df22d483210178" score = 75 @@ -76775,8 +76775,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_C8Adb449 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "00ec7a6e9611b5c0e26c148ae5ebfedc57cf52b21e93c2fe3eac85bf88edc7ea" logic_hash = "v1_sha256_9c43602dc752dd737a983874bee5ec6af145ce5fdd45d03864a1afdc2aec3ad4" score = 75 
@@ -76804,8 +76804,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Bcab1E8F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "19df7fd22051abe3f782432398ea30f8be88cf42ef14bc301b1676f35b37cd7e" logic_hash = "v1_sha256_72643b2860f40c7e901c671d7cc9992870b91912df5d75d2ffba0dfb8684f8d3" score = 75 @@ -76833,8 +76833,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_6671F33A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "85fa30ba59602199fd99463acf50bd607e755c2e18cd8843ffcfb6b1aca24bb3" logic_hash = "v1_sha256_a15c842c7c7ec3b11183a1502f8ec03ea786e3f0d47fbab58c62ffff7b018030" score = 75 
@@ -76862,8 +76862,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_74418Ec5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d79ad967ac9fc0b1b6d54e844de60d7ba3eaad673ee69d30f9f804e5ccbf2880" logic_hash = "v1_sha256_e74463f53611baaec7c8e126218d8353c6e3a5e71c20e98a7035df6b771b690b" score = 75 @@ -76891,8 +76891,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_979160F6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L181-L198" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L181-L198" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_e70097fb263c90576e87e76cc7be391dbf9c9d73bbd7fb8e5ec282e6ac1f648d" score = 75 quality = 75 
@@ -76919,8 +76919,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Fe7139E5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L200-L218" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L200-L218" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8b13dc59db58b6c4cd51abf9c1d6f350fa2cb0dbb44b387d3e171eacc82a04de" logic_hash = "v1_sha256_d1ef74f2a74950845091b2ebc2f7fd05980bcbd2aea4fdd9549c54cec1768501" score = 75 @@ -76948,8 +76948,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_F35A670C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L220-L238" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L220-L238" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a73808211ba00b92f8d0027831b3aa74db15f068c53dd7f20fcadb294224f480" logic_hash = "v1_sha256_95a8aeffb7193c3f4adfea5b7f0741a53528620c57cbdb4d471d756db03c6493" score = 75 
@@ -76977,8 +76977,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_70E5946E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L240-L258" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L240-L258" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b" logic_hash = "v1_sha256_324deafee2b14c125100e49b90ea95bc1fc55020a7e81a69c7730a57430560f4" score = 75 @@ -77006,8 +77006,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_033F06Dd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L260-L278" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L260-L278" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3afc8d2d85aca61108d21f82355ad813eba7a189e81dde263d318988c5ea50bd" logic_hash = "v1_sha256_a0c788dbcd43cab2af1614d5d90ed9e07a45b547241f729e09709d2a1ec24e60" score = 75 
@@ -77035,8 +77035,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Ce0C185F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L280-L298" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L280-L298" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa" logic_hash = "v1_sha256_f88c5a295cc62f5a91e26731fc60aaf450376cbb282f43304ba2a5ac5d149dd4" score = 75 @@ -77064,8 +77064,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Da08E491 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Malxmr.yar#L300-L318" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Malxmr.yar#L300-L318" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4638d9ece32cd1385121146378772d487666548066aecd7e40c3ba5231f54cc0" logic_hash = "v1_sha256_f98252c33f8d76981bbc51de87a11a7edca7292a864fc2a305d29cd21961729e" score = 75 
@@ -77093,8 +77093,8 @@ rule ELASTIC_Windows_Trojan_Plugx_5F3844Ff : FILE MEMORY date = "2023-08-28" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_PlugX.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_PlugX.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a823380e46878dfa8deb3ca0dc394db1db23bb2544e2d6e49c0eceeffb595875" logic_hash = "v1_sha256_a1a484f4cf00ec0775a3f322bae66ce5f9cc52f08306b38f079445233c49bf52" score = 75 @@ -77126,8 +77126,8 @@ rule ELASTIC_Windows_Trojan_Plugx_F338Dab5 : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_PlugX.yar#L25-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_PlugX.yar#L25-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8af3fc1f8bd13519d78ee83af43daaa8c5e2c3f184c09f5c41941e0c6f68f0f7" logic_hash = "v1_sha256_0482305a73bc500aa7c266536cb8286ea796f6b1eaba39547bed22313bbb4457" score = 75 
@@ -77157,8 +77157,8 @@ rule ELASTIC_Linux_Trojan_Merlin_55Beddd3 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Merlin.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Merlin.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "15ccdf2b948fe6bd3d3a7f5370e72cf3badec83f0ec7f47cdf116990fb551adf" logic_hash = "v1_sha256_293158c981463544abd0c38694bfc8635ad1a679bbae115521b65879f145cea6" score = 75 @@ -77186,8 +77186,8 @@ rule ELASTIC_Linux_Trojan_Merlin_Bbad69B8 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Merlin.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Merlin.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d9955487f7d08f705e41a5ff848fb6f02d6c88286a52ec837b7b555fb422d1b6" logic_hash = "v1_sha256_e18079c9f018dc8d7f2fdf5c950b405f9f84ad2a5b18775dbef829fe1cb770c3" score = 75 
@@ -77215,8 +77215,8 @@ rule ELASTIC_Linux_Trojan_Merlin_C6097296 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Merlin.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Merlin.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d9955487f7d08f705e41a5ff848fb6f02d6c88286a52ec837b7b555fb422d1b6" logic_hash = "v1_sha256_f48ed7f19ab29633600fde4bfea274bf36e7f60d700c9806b334d38a51d28b92" score = 75 @@ -77244,8 +77244,8 @@ rule ELASTIC_Windows_Vulndriver_Hrsword_15B431Ee : FILE MEMORY date = "2023-05-25" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_HrSword.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_HrSword.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "272e934cec4a84ab92b2bccb98539d73542ea9184960a2c9923d4edc667f4d4f" logic_hash = "v1_sha256_d8aed70f101a717efe83adceea0f220fb0b145ab8aa39b6250ac2bc057bf51ce" score = 75 
@@ -77274,8 +77274,8 @@ rule ELASTIC_Windows_Ransomware_Stop_1E8D48Ff : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Stop.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Stop.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3" logic_hash = "v1_sha256_d743feae072a5f3e1b008354352bef48218bb041bc8a5ba39526815ab9cd2690" score = 75 @@ -77304,8 +77304,8 @@ rule ELASTIC_Windows_Hacktool_Blackbone_2Ff5Ec38 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_BlackBone.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_BlackBone.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4e3887f950bff034efedd40f1e949579854a24140128246fa6141f2c34de6017" logic_hash = "v1_sha256_0c32bd04460cdf7a56664253992a684c2c684b15ac9ca853b27ab24f07f71607" score = 75 
@@ -77333,8 +77333,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_70C153B5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrminer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrminer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "55b133ba805bb691dc27a5d16d3473650360c988e48af8adc017377eed07935b" logic_hash = "v1_sha256_e2fc0721435c656a16e59b6747563df17f0f54a4620efc403a3bba717ccb0f38" score = 75 @@ -77362,8 +77362,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_98B00F9C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrminer.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrminer.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c01b88c5d3df7ce828e567bd8d639b135c48106e388cd81497fcbd5dcf30f332" logic_hash = "v1_sha256_cf8c5deddf22e7699cd880bd3f9f28721db5ece6705be4f932e1d041893eef71" score = 75 
@@ -77391,8 +77391,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_2B250178 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrminer.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrminer.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "636605cf63d3e335fe9481d4d110c43572e9ab365edfa2b6d16d96b52d6283ef" logic_hash = "v1_sha256_067705c52de710372b4a2a3b77427106068ad2d9a8e56602e315d09e7b8b6206" score = 75 @@ -77420,8 +77420,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_67Bf4B54 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrminer.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrminer.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9d33fba4fda6831d22afc72bf3d6d5349c5393abb3823dfa2a5c9e391d2b9ddf" logic_hash = "v1_sha256_448f5b9dc3c17984464c15f6d542f495a52b0531acc362dedfe3d1a20b932969" score = 75 
@@ -77449,8 +77449,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_504B42Ca : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrminer.yar#L81-L98" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrminer.yar#L81-L98" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_dd3ed5350e0229ac714178a30de28893c30708734faec329c776e189493cf930" score = 75 quality = 75 @@ -77477,8 +77477,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D1Bb752F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrminer.yar#L100-L118" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrminer.yar#L100-L118" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bea55bc9495ee51c78ceedadf3a685ea9d6dd428170888c67276c100d4d94beb" logic_hash = "v1_sha256_47aa5516350d5c00d1387649df46ce8f09d87bdfafeaa4cbf1c3ef5f2e0b9023" score = 75 
@@ -77506,8 +77506,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D625Fcd2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrminer.yar#L120-L137" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrminer.yar#L120-L137" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_b95b66392e1a07e0b6acd718a9501cede76e57561e69701e9e881bd3fbd3fe39" score = 75 quality = 75 @@ -77534,8 +77534,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_02D19C01 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrminer.yar#L139-L157" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrminer.yar#L139-L157" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b6df662f5f7566851b95884c0058e7476e49aeb7a96d2aa203393d88e584972f" logic_hash = "v1_sha256_43a1dc49bf75cd13637c37290d47b4d6fc1b2c2ac252b64725c0c64e1dd745c6" score = 75 
@@ -77563,8 +77563,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_2Dd045Fc : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrminer.yar#L159-L177" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrminer.yar#L159-L177" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "30a77ab582f0558829a78960929f657a7c3c03c2cf89cd5a0f6934b79a74b7a4" logic_hash = "v1_sha256_fa23ca75027f7a5e73652173c9e84112a0b5cd3008fc453fdb33c980dc7b7b24" score = 75 @@ -77592,8 +77592,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D1A814B0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrminer.yar#L179-L197" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrminer.yar#L179-L197" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bea55bc9495ee51c78ceedadf3a685ea9d6dd428170888c67276c100d4d94beb" logic_hash = "v1_sha256_a06f5d5be87153be1253c2e20a60fa36701a745813926be03ee466ce8e2285b0" score = 75 
@@ -77621,8 +77621,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_C6218E30 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrminer.yar#L199-L217" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrminer.yar#L199-L217" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b43ddd8e355b0c538c123c43832e7c8c557e4aee9e914baaed0866ee5d68ee55" logic_hash = "v1_sha256_3efbc3cb1591a9340df10640b411a9ab4c41e0aa26c1677d9def8b82e4c246f4" score = 75 @@ -77650,8 +77650,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_B17A7888 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xmrminer.yar#L219-L237" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xmrminer.yar#L219-L237" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "65c9fdd7c559554af06cd394dcebece1bc0fdc7dd861929a35c74547376324a6" logic_hash = "v1_sha256_a7f6daa5c42d186d2c5a027fdb35b45287c3564a7b57b8a2f53659e6ca90602a" score = 75 
@@ -77679,8 +77679,8 @@ rule ELASTIC_Windows_Trojan_Behinder_B9A49F4B : FILE MEMORY date = "2023-03-02" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/ref2924-howto-maintain-persistence-as-an-advanced-threat" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Behinder.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Behinder.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a50ca8df4181918fe0636272f31e19815f1b97cce6d871e15e03b0ee0e3da17b" logic_hash = "v1_sha256_2303ef82e4dc5e8be87ddc4563dcd06963d17e1fbf25cf246a6c81e4e74adbcb" score = 75 @@ -77710,8 +77710,8 @@ rule ELASTIC_Windows_Trojan_Dustywarehouse_A6Cfc9F7 : FILE MEMORY date = "2023-08-25" modified = "2023-11-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DustyWarehouse.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DustyWarehouse.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8c4de69e89dcc659d2fff52d695764f1efd7e64e0a80983ce6d0cb9eeddb806c" logic_hash = "v1_sha256_2b4cd9316e2fda882c95673edecb9c82a03ef4fdcc2d2e25783644cc5dfb5bf0" score = 75 
@@ -77743,8 +77743,8 @@ rule ELASTIC_Windows_Trojan_Dustywarehouse_3Fef514B : FILE MEMORY date = "2024-05-30" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DustyWarehouse.yar#L25-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DustyWarehouse.yar#L25-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4ad024f53595fdd380f5b5950b62595cd47ac424d2427c176a7b2dfe4e1f35f7" logic_hash = "v1_sha256_865ea1e54950a465b71939a41f7a726ccddcfa9f0d777ea853926f65bca0da84" score = 75 @@ -77772,8 +77772,8 @@ rule ELASTIC_Linux_Exploit_Criscras_Fc505C1D : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Criscras.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Criscras.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7399f6b8fbd6d6c6fb56ab350c84910fe19cc5da67e4de37065ff3d4648078ab" logic_hash = "v1_sha256_4d84570c13c584fb7360e798df9f3e6039ee74fdb6ad597add0ea150e3deaa80" score = 75 
@@ -77801,8 +77801,8 @@ rule ELASTIC_Windows_Hacktool_Sharpgpoabuse_14Ea480E : FILE MEMORY date = "2024-03-25" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpGPOAbuse.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpGPOAbuse.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d13f87b9eaf09ef95778b2f1469aa34d03186d127c8f73c73299957d386c78d1" logic_hash = "v1_sha256_efc1259f4ed05c8f41df75c056d36fd5a808a92b5c88cfb0522caedea39476b4" score = 75 @@ -77837,8 +77837,8 @@ rule ELASTIC_Windows_Vulndriver_Threatfire_Cbe7Ac92 : FILE MEMORY date = "2024-08-19" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_ThreatFire.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_ThreatFire.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1c1a4ca2cbac9fe5954763a20aeb82da9b10d028824f42fff071503dcbe15856" logic_hash = "v1_sha256_689e17c9fdfc9de10a2cf3d39306103712504ab46db35ac65ed0340c83af240d" score = 75 
@@ -77867,8 +77867,8 @@ rule ELASTIC_Windows_Hacktool_Clroxide_D92D9575 : FILE MEMORY date = "2024-02-29" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_ClrOxide.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_ClrOxide.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3a4900eff80563bff586ced172c3988347980f902aceef2f9f9f6d188fac8e3" logic_hash = "v1_sha256_01bb071e1286bb139c5e1c37e421153ef1b28a5994feeaedf6ad27ad7dade5e9" score = 75 @@ -77902,8 +77902,8 @@ rule ELASTIC_Windows_Hacktool_Askcreds_34E3E3D4 : FILE MEMORY date = "2023-05-16" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_AskCreds.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_AskCreds.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_d911566ca546a8546928cd0ffa838fd344b35f75a4a7e80789d20e52c7cd38d0" score = 75 quality = 75 
@@ -77932,8 +77932,8 @@ rule ELASTIC_Windows_Trojan_Generic_A681F24A : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa" logic_hash = "v1_sha256_72bfefc8f92dbe65d197e02bf896315dcbc54d7b68d0434f43de026ccf934f40" score = 75 @@ -77963,8 +77963,8 @@ rule ELASTIC_Windows_Trojan_Generic_Ae824B13 : REF1296 FILE MEMORY date = "2022-02-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_cee46c1efdaa1815606f932a4f79b316e02c1b481e73c4c2f8b7c72023e8684c" score = 75 quality = 67 
@@ -77994,8 +77994,8 @@ rule ELASTIC_Windows_Trojan_Generic_Eb47E754 : REF1296 FILE MEMORY date = "2022-02-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L45-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L45-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_1d96e813ed0261bd0d7caca2803ed8d5fe4d77ea00efc9130eef86aa872c4656" score = 75 quality = 67 @@ -78025,8 +78025,8 @@ rule ELASTIC_Windows_Trojan_Generic_C7Fd8D38 : FILE MEMORY date = "2022-02-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L67-L89" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L67-L89" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a1702ec12c2bf4a52e11fbdab6156358084ad2c662c8b3691918ef7eabacde96" logic_hash = "v1_sha256_81c56cd741692a7f2a894c2b8f2676aad47f14221228b9466a2ab0f05d76c623" score = 75 
@@ -78058,8 +78058,8 @@ rule ELASTIC_Windows_Trojan_Generic_Bbe6C282 : FILE MEMORY date = "2022-03-02" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L91-L109" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L91-L109" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a44c46d4b9cf1254aaabd1e689f84c4d2c3dd213597f827acabface03a1ae6d1" logic_hash = "v1_sha256_fe874d69ae71775cf997845c90e731479569e2ac1ac882a4b8c3c73d015b1f30" score = 75 @@ -78087,8 +78087,8 @@ rule ELASTIC_Windows_Trojan_Generic_889B1248 : FILE MEMORY date = "2022-03-11" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L111-L132" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L111-L132" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a48d57a139c7e3efa0c47f8699e2cf6159dc8cdd823b16ce36257eb8c9d14d53" logic_hash = "v1_sha256_b3bb93b95377d6c6606d29671395b78c0954cc47d5cc450436799638d0458469" score = 75 
@@ -78119,8 +78119,8 @@ rule ELASTIC_Windows_Trojan_Generic_02A87A20 : FILE MEMORY date = "2022-03-04" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L134-L152" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L134-L152" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033" logic_hash = "v1_sha256_610db1b429ed2ecfc552f73ed4782cb56254e6fc98b728ffeff6938fbcce9616" score = 75 @@ -78148,8 +78148,8 @@ rule ELASTIC_Windows_Trojan_Generic_4Fbff084 : FILE MEMORY date = "2023-02-28" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L154-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L154-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7010a69ba77e65e70f4f3f4a10af804e6932c2218ff4abd5f81240026822b401" logic_hash = "v1_sha256_47d1a01e0edee3239d99ff1f32eb4cfc77d6e38823fed799a562e142d3d3a22d" score = 75 
@@ -78180,8 +78180,8 @@ rule ELASTIC_Windows_Trojan_Generic_73Ed7375 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L177-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L177-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2b17328a3ef0e389419c9c86f81db4118cf79640799e5c6fdc97de0fc65ad556" logic_hash = "v1_sha256_7e27c9377d0b2058a2a36da4ac7d37a54c566f3246e69aa356171edae6b478c5" score = 75 @@ -78210,8 +78210,8 @@ rule ELASTIC_Windows_Trojan_Generic_96Cdf3C4 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L198-L217" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L198-L217" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9a4d68de36f1706a3083de7eb41f839d8c7a4b8b585cc767353df12866a48c81" logic_hash = "v1_sha256_f92e5549aca320d71e1eec8daa82e8bbf3517c7f23f376bb355fdfa32da2e7a9" score = 75 
@@ -78240,8 +78240,8 @@ rule ELASTIC_Windows_Trojan_Generic_F0C79978 : FILE MEMORY date = "2023-07-27" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L219-L238" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L219-L238" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8f800b35bfbc8474f64b76199b846fe56b24a3ffd8c7529b92ff98a450d3bd38" logic_hash = "v1_sha256_b16971ed0947660dda8d79c11531a9498a80e00f2dbc2c0eb63895b7f5c5f980" score = 75 @@ -78270,8 +78270,8 @@ rule ELASTIC_Windows_Trojan_Generic_40899C85 : FILE MEMORY date = "2023-12-15" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L240-L260" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L240-L260" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "88eb4f2e7085947bfbd03c69573fdca0de4a74bab844f09ecfcf88e358af20cc" logic_hash = "v1_sha256_317034add0343baa26548712de8b2acc04946385fbee048cea0bd8d7ae642b36" score = 75 
@@ -78301,8 +78301,8 @@ rule ELASTIC_Windows_Trojan_Generic_9997489C : FILE MEMORY date = "2024-01-31" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L262-L290" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L262-L290" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_857bbf64ced06f76eb50afbfbb699c62e11625196213c2e5267b828cca911b74" score = 75 quality = 75 @@ -78340,8 +78340,8 @@ rule ELASTIC_Windows_Trojan_Generic_2993E5A5 : FILE MEMORY date = "2024-03-18" modified = "2024-03-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L292-L310" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L292-L310" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9f9b926cef69e879462d9fa914dda8c60a01f3d409b55afb68c3fb94bf1a339b" logic_hash = "v1_sha256_37a10597d1afeb9411f6c652537186628291cbe6af680abe12bb96591add7e78" score = 75 
@@ -78369,8 +78369,8 @@ rule ELASTIC_Windows_Trojan_Generic_0E135D58 : FILE MEMORY date = "2024-03-19" modified = "2024-03-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Generic.yar#L312-L330" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Generic.yar#L312-L330" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c" logic_hash = "v1_sha256_bc10218b1d761f72836bb5f9bb41d3f0fe13c4baa1109025269f938ec642aec4" score = 75 @@ -78398,8 +78398,8 @@ rule ELASTIC_Windows_Vulndriver_Cpuz_A53D1446 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Cpuz.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Cpuz.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6" logic_hash = "v1_sha256_37da20f5fe1377fe85594055dc811424f52e53a9d77060c6784c2e4d1279e26f" score = 75 
@@ -78429,8 +78429,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_3793364E : FILE MEMORY date = "2023-09-25" modified = "2023-09-25" reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BloodAlchemy.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BloodAlchemy.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_c9f03767b92bb2c44f6b386e1f0a521f1a7a063cf73799844cc3423d4a7de7be" score = 75 quality = 75 @@ -78458,8 +78458,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_E510798D : FILE MEMORY date = "2023-09-25" modified = "2023-09-25" reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BloodAlchemy.yar#L22-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BloodAlchemy.yar#L22-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_7919bb5f19745a1620e6be91622c40083cbd2ddb02905215736a2ed11e9af5c4" score = 75 quality = 75 
@@ -78487,8 +78487,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_63084Eea : FILE MEMORY date = "2023-09-25" modified = "2023-09-25" reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BloodAlchemy.yar#L43-L61" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BloodAlchemy.yar#L43-L61" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_3fe64502992281511e942b8f4541d61b33e900dbe23ea9f976c7eb9522ce4cbd" score = 75 quality = 75 @@ -78515,8 +78515,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_C2D80609 : FILE MEMORY date = "2023-09-25" modified = "2023-09-25" reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BloodAlchemy.yar#L63-L81" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BloodAlchemy.yar#L63-L81" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_694a0f917f106fbdde4c8e5dd8f9cdce56e9423ce5a7c3a5bf30bf43308d42e9" score = 75 quality = 75 
@@ -78543,8 +78543,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_De591C5A : FILE MEMORY date = "2023-09-25" modified = "2023-11-02" reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BloodAlchemy.yar#L83-L106" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BloodAlchemy.yar#L83-L106" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_fd5cfe2558a7c02a617003140cdcf477ec451ecea4adf2808bef8f93673c28f1" score = 75 quality = 75 @@ -78576,8 +78576,8 @@ rule ELASTIC_Windows_Vulndriver_Rweverything_Aee156A5 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_RWEverything.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_RWEverything.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3c5bf92c26398695f9ced7ce647a7e9f6ddcc89eea66b45aa3607196a187431b" logic_hash = "v1_sha256_46b7f2ad46564c6b99f0df6146dff7c88ccbe3ad6c6d1bcbefe756606c4fe40e" score = 75 
@@ -78606,8 +78606,8 @@ rule ELASTIC_Windows_Trojan_Bazar_711D59F6 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Bazar.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Bazar.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f29253139dab900b763ef436931213387dc92e860b9d3abb7dcd46040ac28a0e" logic_hash = "v1_sha256_3bde62b468c44bdc18878fd369a7f0cf06f7be64149587a11524f725fa875f69" score = 75 @@ -78635,8 +78635,8 @@ rule ELASTIC_Windows_Trojan_Bazar_9Dddea36 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Bazar.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Bazar.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "63df43daa61f9a0fbea2e5409b8f0063f7af3363b6bc8d6984ce7e90c264727d" logic_hash = "v1_sha256_cf88e2e896fce742ad3325d53523167d6eb42188309ed4e66f73601bbb85574e" score = 75 
@@ -78664,8 +78664,8 @@ rule ELASTIC_Windows_Trojan_Bazar_3A2Cc53B : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Bazar.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Bazar.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b057eb94e711995fd5fd6c57aa38a243575521b11b98734359658a7a9829b417" logic_hash = "v1_sha256_8cde37be646dbcf7e7f5e3f28f0fe8c95480861c62fa2ee8cdd990859313756c" score = 75 @@ -78693,8 +78693,8 @@ rule ELASTIC_Windows_Trojan_Bazar_De8D625A : FILE MEMORY date = "2022-01-14" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Bazar.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Bazar.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1ad9ac4785b82c8bfa355c7343b9afc7b1f163471c41671ea2f9152a1b550f0c" logic_hash = "v1_sha256_5fd7bb4ac818ec1b4bfcb7d236868a31b2f726182407c07c7f06c1d7e9c15d02" score = 75 
@@ -78722,8 +78722,8 @@ rule ELASTIC_Windows_Trojan_Xpertrat_Ce03C41D : FILE MEMORY date = "2021-08-06" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Xpertrat.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Xpertrat.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d7f2fddb43eb63f9246f0a4535dfcca6da2817592455d7eceaacde666cf1aaae" logic_hash = "v1_sha256_f6ff0a11f261bc75c9d0015131f177d39bb9e8e30346a75209ba8fa808ac4fcb" score = 75 @@ -78753,8 +78753,8 @@ rule ELASTIC_Windows_Hacktool_Sharplaps_381C3F40 : FILE MEMORY date = "2022-12-22" modified = "2022-12-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpLAPS.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpLAPS.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ef0d508b3051fe6f99ba55202a17237f29fdbc0085e3f5c99b1aef52c8ebe425" logic_hash = "v1_sha256_d94f9e4200a63283346919c121873130ad90e4ad5979c017cb71dc0cc910a64a" score = 75 
@@ -78789,8 +78789,8 @@ rule ELASTIC_Windows_Trojan_Masslogger_511B001E : FILE MEMORY
 date = "2022-03-02"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_MassLogger.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_MassLogger.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "177875c756a494872c516000beb6011cec22bd9a73e58ba6b2371dba2ab8c337"
 logic_hash = "v1_sha256_5abac5e32e55467710842e19c25cab5c7f1cdb0f8a68fb6808d54467c69ebdf6"
 score = 75
@@ -78823,8 +78823,8 @@ rule ELASTIC_Linux_Rootkit_Melofee_25D42Bdd : FILE MEMORY
 date = "2024-11-14"
 modified = "2024-11-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Melofee.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Melofee.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5830862707711a032728dfa6a85c904020766fa316ea85b3eef9c017f0e898cc"
 logic_hash = "v1_sha256_5af18434295e80403c3587165cd9db3b771d8f06eaa467e1161a0cd213446bee"
 score = 75
@@ -78860,8 +78860,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_581F57A9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Loudminer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Loudminer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
 logic_hash = "v1_sha256_82db0985f215da1d84e16fce94df7553b43b06082bf5475515dbbcf016c40fe4"
 score = 75
@@ -78889,8 +78889,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_F2298A50 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Loudminer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Loudminer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
 logic_hash = "v1_sha256_6c2c9b6aea1fb35f8f600dd084ed9cfd56123f7502036e76dd168ccd8b43b28f"
 score = 75
@@ -78918,8 +78918,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_851Fc7Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Loudminer.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Loudminer.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
 logic_hash = "v1_sha256_9f271a16fe30fbf0c16533522b733228f19e0c44d173e4c0ef43bf13323e7383"
 score = 75
@@ -78947,8 +78947,8 @@ rule ELASTIC_Windows_Vulndriver_Windivert_25991186 : FILE MEMORY
 date = "2024-06-20"
 modified = "2024-07-02"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_WinDivert.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_WinDivert.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8da085332782708d8767bcace5327a6ec7283c17cfb85e40b03cd2323a90ddc2"
 logic_hash = "v1_sha256_a67679bb2f23d1f6691c9ad23da1fd4c2402701ba1929c7abf078d7d95011a08"
 score = 75
@@ -78976,8 +78976,8 @@ rule ELASTIC_Linux_Trojan_Sshdkit_18A0B82A : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sshdkit.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sshdkit.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "003245047359e17706e4504f8988905a219fcb48865afea934e6aafa7f97cef6"
 logic_hash = "v1_sha256_4b7a78ebf3c114809148cc9855379b2e63c959966272ad45759838d570b42016"
 score = 75
@@ -79005,8 +79005,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_Af6Decc6 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Raccoon.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Raccoon.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fe09bef10b21f085e9ca411e24e0602392ab5044b7268eaa95fb88790f1a124d"
 logic_hash = "v1_sha256_50ec446e8fd51129c7333c943dfe62db099fe1379530441f6b102fcbe3bc0dbd"
 score = 75
@@ -79035,8 +79035,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_58091F64 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Raccoon.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Raccoon.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fe09bef10b21f085e9ca411e24e0602392ab5044b7268eaa95fb88790f1a124d"
 logic_hash = "v1_sha256_8a7388e9c3dd0dd1a79215dbabcd964a0afa883490611afb6bb500635fbfff9a"
 score = 75
@@ -79064,8 +79064,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_Deb6325C : FILE MEMORY
 date = "2022-06-28"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Raccoon.yar#L42-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Raccoon.yar#L42-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27"
 logic_hash = "v1_sha256_94f70c60ed4fab021e013cf6a632321e0e1bdeef25a48a598d9e7388e7e445ca"
 score = 75
@@ -79096,8 +79096,8 @@ rule ELASTIC_Windows_Vulndriver_Arpot_09C714C5 : FILE
 date = "2022-04-27"
 modified = "2022-05-03"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_ArPot.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_ArPot.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1"
 logic_hash = "v1_sha256_e5f972ad9a31aefbd20237e6ea3dd19a025c2e3487fa080e9f9b8acf1e3f58e6"
 score = 75
@@ -79127,8 +79127,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_E75472Fa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rekoobe.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rekoobe.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8d2a9e363752839a09001a9e3044ab7919daffd9d9aee42d936bc97394164a88"
 logic_hash = "v1_sha256_e3e9934ee8ce6933f676949c5b5c82ad044ac32f08fe86697b0a0cf7fb63fc5e"
 score = 75
@@ -79156,8 +79156,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_52462Fe8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rekoobe.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rekoobe.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c1d8c64105caecbd90c6e19cf89301a4dc091c44ab108e780bdc8791a94caaad"
 logic_hash = "v1_sha256_1ab6979392eeaa7bd6bd84f8d3531bd9071c54b58306a42dcfdd27bf7ec8f8cd"
 score = 75
@@ -79185,8 +79185,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_De9E7Bdf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rekoobe.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rekoobe.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "447da7bee72c98c2202f1919561543e54ec1b9b67bd67e639b9fb6e42172d951"
 logic_hash = "v1_sha256_bdc4a3e4eeffc0d32e6a86dda54beceab8301d0065731d9ade390392ab4c6126"
 score = 75
@@ -79214,8 +79214,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_B41F70C2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rekoobe.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rekoobe.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "19c1a54279be1710724fc75a112741575936fe70379d166effc557420da714cd"
 logic_hash = "v1_sha256_02de55c537da1cc03af26a171c768ad87984e45983c3739f90ad9983c70e7ccf"
 score = 75
@@ -79243,8 +79243,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_1D307D7C : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rekoobe.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rekoobe.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "00bc669f79b2903c5d9e6412050655486111647c646698f9a789e481a7c98662"
 logic_hash = "v1_sha256_de4807353d2ba977459a1bf7f51fd815e311c0bdc5fccd5e99fd44a766f6866f"
 score = 75
@@ -79272,8 +79272,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_7F7Aba78 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rekoobe.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rekoobe.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "50b73742726b0b7e00856e288e758412c74371ea2f0eaf75b957d73dfb396fd7"
 logic_hash = "v1_sha256_a3b46d29fa51dd6a911cb9cb0e67e9d57d3f3b6697dc8edcc4d82f09d9819a92"
 score = 75
@@ -79301,8 +79301,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_Ab8Ba790 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rekoobe.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rekoobe.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2aee0c74d9642ffab1f313179c26400acf60d7cbd2188bade28534d403f468d4"
 logic_hash = "v1_sha256_2a7a71712ad3f756a2dc53ec80bd9fb625f7c679fd9566945ebfeb392b9874a9"
 score = 75
@@ -79330,8 +79330,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_Be1973Ed : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Dofloo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Dofloo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461"
 logic_hash = "v1_sha256_65f9daabf44006fe4405032bf93570185248bc62cd287650c68f854b23aa2158"
 score = 75
@@ -79359,8 +79359,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_1D057993 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Dofloo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Dofloo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461"
 logic_hash = "v1_sha256_c5e15e21946816052d5a8dc293db3830f1d6d06cdbf22eb8667b655206dbbc1f"
 score = 75
@@ -79388,8 +79388,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_29C12775 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Dofloo.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Dofloo.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461"
 logic_hash = "v1_sha256_a8eb79fdf57811f4ffd5a7c5ec54cf46c06281f8cd4d677aec1ad168d6648a08"
 score = 75
@@ -79417,8 +79417,8 @@ rule ELASTIC_Linux_Trojan_Pnscan_20E34E35 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Pnscan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Pnscan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "7dbd5b709f16296ba7dac66dc35b9c3373cf88452396d79d0c92d7502c1b0005"
 logic_hash = "v1_sha256_1e69ef50d25ffd0f38ed0eb81ab3295822aa183c5e06f307caf02826b1dfa011"
 score = 75
@@ -79446,8 +79446,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_05088561 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Stak.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Stak.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d0d2bab33076121cf6a0a2c4ff1738759464a09ae4771c39442a865a76daff59"
 logic_hash = "v1_sha256_2b0f8a4efdfb13abcc2a1b43e9c39828ea1de6015fef0ef613bd754da5aa3e9a"
 score = 75
@@ -79475,8 +79475,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_Ae8B98A9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Stak.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Stak.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_aade76488aa2f557de9082647153cca374a4819cd8e539ebba4bfef2334221b0"
 score = 75
 quality = 75
@@ -79503,8 +79503,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_D707Fd3A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Stak.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Stak.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d0d2bab33076121cf6a0a2c4ff1738759464a09ae4771c39442a865a76daff59"
 logic_hash = "v1_sha256_b825247372aace6e3ce0ff1d9685b6bb041b7277f8967d5f5926b49813cfadc9"
 score = 75
@@ -79532,8 +79532,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_52Dc7Af3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Stak.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Stak.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a9c14b51f95d0c368bf90fb10e7d821a2fbcc79df32fd9f068a7fc053cbd7e83"
 logic_hash = "v1_sha256_81998164f517b6f1ef72b10227cfff86aa8bbd2b4e2668f946c8ed59696ae74d"
 score = 75
@@ -79561,8 +79561,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_Bb3153Ac : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Stak.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Stak.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5b974b6e6a239bcdc067c53cc8a6180c900052d7874075244dc49aaaa9414cca"
 logic_hash = "v1_sha256_e8516a24358b12863fe52c823ca67f0004457017334fe77dabf5f08d6bf2d907"
 score = 75
@@ -79590,8 +79590,8 @@ rule ELASTIC_Windows_Ransomware_Blackmatter_B548D151 : FILE MEMORY
 date = "2021-08-03"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Blackmatter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Blackmatter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486"
 logic_hash = "v1_sha256_cf76a311de9d292a2ea09b3937b8eb7fd761b7c33a464a31acf6b9a5bf121959"
 score = 75
@@ -79619,8 +79619,8 @@ rule ELASTIC_Windows_Ransomware_Blackmatter_8394F6D5 : FILE MEMORY
 date = "2021-08-03"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Blackmatter.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Blackmatter.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486"
 logic_hash = "v1_sha256_50a9b65ca6dde4fc32d2d57e72042f4380dd6c263ec5c33ce7c158151b91a5ae"
 score = 75
@@ -79648,8 +79648,8 @@ rule ELASTIC_Windows_Trojan_STRRAT_A3E48Cd2 : MEMORY
 date = "2024-03-13"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_STRRAT.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_STRRAT.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "97e67ac77d80d26af4897acff2a3f6075e0efe7997a67d8194e799006ed5efc9"
 logic_hash = "v1_sha256_32f79695829f703bf9996d212aeb563791aed28e1bbb9f700cb45325fd02db77"
 score = 75
@@ -79678,8 +79678,8 @@ rule ELASTIC_Linux_Rootkit_Perfctl_Ce456896 : FILE MEMORY
 date = "2024-11-14"
 modified = "2024-11-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Perfctl.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Perfctl.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "69de4c062eebb13bf2ee3ee0febfd4a621f2a17c3048416d897aecf14503213a"
 logic_hash = "v1_sha256_d3782e9674b20fc3efccf7491659969e09f74c2467f1643fe8f5019102f4ee54"
 score = 75
@@ -79711,8 +79711,8 @@ rule ELASTIC_Windows_Ransomware_Rook_Ee21Fa67 : FILE MEMORY
 date = "2022-01-14"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Rook.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Rook.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c2d46d256b8f9490c9599eea11ecef19fde7d4fdd2dea93604cee3cea8e172ac"
 logic_hash = "v1_sha256_6fe19cfc572a3dceba5e26615d111a3c0fa1036e275a5640a5c5a8f8cdaf6dc1"
 score = 75
@@ -79740,8 +79740,8 @@ rule ELASTIC_Windows_Ransomware_Maui_266Dea64 : FILE MEMORY
 date = "2022-07-08"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Maui.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Maui.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e"
 logic_hash = "v1_sha256_2094920615b6297adb222003d25a8d0934a89f24869e7e70644a4956021c7afc"
 score = 75
@@ -79779,8 +79779,8 @@ rule ELASTIC_Windows_Vulndriver_Fidpci_Cb7F69B5 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Fidpci.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Fidpci.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3ac5e01689a3d745e60925bc7faca8d4306ae693e803b5e19c94906dc30add46"
 logic_hash = "v1_sha256_459429fb4e5156890f19c451e48676c9cd06eaab1c2eaea9236737c795086b5f"
 score = 75
@@ -79808,8 +79808,8 @@ rule ELASTIC_Linux_Rootkit_Arkd_Bbd56917 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Arkd.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Arkd.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e0765f0e90839b551778214c2f9ae567dd44838516a3df2c73396a488227a600"
 logic_hash = "v1_sha256_5e1ce9c37d92222e21b43f9e5f3275a70c6e8eb541c3762f9382c5d5c72fb50d"
 score = 75
@@ -79837,8 +79837,8 @@ rule ELASTIC_Windows_Hacktool_Sharpdump_7C17D8B1 : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpDump.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpDump.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "14c3ea569a1bd9ac3aced4f8dd58314532dbf974bfa359979e6c7b6a4bbf41ca"
 logic_hash = "v1_sha256_10ca29b097d9f1cef27349751e8f1e584ead1056a636224a80f00823ca878c13"
 score = 75
@@ -79870,8 +79870,8 @@ rule ELASTIC_Linux_Ransomware_Royalpest_502A3Db6 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_RoyalPest.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_RoyalPest.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "09a79e5e20fa4f5aae610c8ce3fe954029a91972b56c6576035ff7e0ec4c1d14" logic_hash = "v1_sha256_aefb5a286636b827b50e4bc0ea978a75ba6a9e572504bfbc0a7700372c54a077" score = 75 @@ -79902,8 +79902,8 @@ rule ELASTIC_Windows_Rootkit_R77_5Bab748B : FILE MEMORY date = "2022-03-04" modified = "2022-04-12" reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Rootkit_R77.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Rootkit_R77.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c" logic_hash = "v1_sha256_ebf851ef41fde8e3118acc742cd2b38651f662a00f11dd6f7c65cf56019c43d5" score = 75 
@@ -79931,8 +79931,8 @@ rule ELASTIC_Windows_Rootkit_R77_Eb366Abc : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Rootkit_R77.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Rootkit_R77.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "21e7f69986987fc75bce67c4deda42bd7605365bac83cf2cecb25061b2d86d4f" logic_hash = "v1_sha256_3d6f1c60bf749c53f4a4fcfd6490d309e4450d5f7e64de4665c3d80af1bce44f" score = 75 @@ -79961,8 +79961,8 @@ rule ELASTIC_Windows_Rootkit_R77_99050E7D : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Rootkit_R77.yar#L44-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Rootkit_R77.yar#L44-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3dc94c88caa3169e096715eb6c2e6de1b011120117c0a51d12f572b4ba999ea6" logic_hash = "v1_sha256_0fedf4698cc652076090b1fe256d05d2c0bc3ad2ab7ed5faa270c5c7fe0efca1" score = 75 
@@ -79991,8 +79991,8 @@ rule ELASTIC_Windows_Rootkit_R77_Be403E3C : FILE MEMORY date = "2023-05-18" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Rootkit_R77.yar#L66-L85" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Rootkit_R77.yar#L66-L85" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "91c6e2621121a6871af091c52fafe41220ae12d6e47e52fd13a7b9edd8e31796" logic_hash = "v1_sha256_efbf924c7a299f2543c639b6262007eb3bdbf6ff5e33dab7d6102814b9477811" score = 75 @@ -80020,8 +80020,8 @@ rule ELASTIC_Windows_Rootkit_R77_Ee853C9F : FILE MEMORY date = "2023-05-18" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Rootkit_R77.yar#L87-L112" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Rootkit_R77.yar#L87-L112" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "916c805b0d512dd7bbd88f46632d66d9613de61691b4bd368e4b7cb1f0ac7f60" logic_hash = "v1_sha256_94f080f310ecace76da32ba2b4edcc80dedfb339113823708167c1d842db8cf3" score = 75 
@@ -80055,8 +80055,8 @@ rule ELASTIC_Windows_Rootkit_R77_D0367E28 : FILE MEMORY date = "2023-05-18" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Rootkit_R77.yar#L114-L141" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Rootkit_R77.yar#L114-L141" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "96849108e13172d14591169f8fdcbf8a8aa6be05b7b6ef396d65529eacc02d89" logic_hash = "v1_sha256_588b18c54c344ca267b86143df20c7dcaab081e0ef6acae0bd0dae61593eb521" score = 75 @@ -80092,8 +80092,8 @@ rule ELASTIC_Linux_Exploit_Perl_4A4B8A42 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Perl.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Perl.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214" logic_hash = "v1_sha256_c1f7b1c20fe6db6acbe46be38cc97a40de6ca047a4e4490e86610dbff356b395" score = 75 
@@ -80121,8 +80121,8 @@ rule ELASTIC_Linux_Exploit_Perl_982Bb709 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Perl.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Perl.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e4e2b5af9d0c72aae83cec57e5c091a95c549f826e8f13559aaf7d300f6e13" logic_hash = "v1_sha256_b38e6cb15034c38c31f6b267b9ecaabe8dfa950a2fc8863cfff7705182cffb3a" score = 75 @@ -80150,8 +80150,8 @@ rule ELASTIC_Windows_Trojan_Diamondfox_18Bc11E3 : FILE MEMORY date = "2022-03-02" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DiamondFox.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DiamondFox.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a44c46d4b9cf1254aaabd1e689f84c4d2c3dd213597f827acabface03a1ae6d1" logic_hash = "v1_sha256_c64e4b3349b33cfd0fec1fe41f91ad819bb6b6751e822d7ab8d14638ad27571d" score = 75 
@@ -80183,8 +80183,8 @@ rule ELASTIC_Windows_Trojan_Amadey_7Abb059B : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Amadey.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Amadey.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e" logic_hash = "v1_sha256_23b75d6df9e2a7f8e1efee46ecaf1fc84247312b19a8a1941ddbca1b2ce5e1db" score = 75 @@ -80212,8 +80212,8 @@ rule ELASTIC_Windows_Trojan_Amadey_C4Df8D4A : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Amadey.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Amadey.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2" logic_hash = "v1_sha256_7f96c4de585223033fb7e7906be6d6898651ecf30be51ed01abde18ef52c0e1e" score = 75 
@@ -80241,8 +80241,8 @@ rule ELASTIC_Linux_Trojan_Swrort_5Ad1A4F9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Swrort.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Swrort.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fa5695c355a6dc1f368a4b36a45e8f18958dacdbe0eac80c618fbec976bac8fe" logic_hash = "v1_sha256_3a1fa978e0c8ab0dd4e7965a3f91306d6123c19f21b86d3f8088979bf58c3a07" score = 75 @@ -80270,8 +80270,8 @@ rule ELASTIC_Linux_Trojan_Swrort_4Cb5B116 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Swrort.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Swrort.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "703c16d4fcc6f815f540d50d8408ea00b4cf8060cc5f6f3ba21be047e32758e0" logic_hash = "v1_sha256_9404856fc3290f3a8f9bf891fde9a614fc4484719eb3b51ce7ab601a41e0c3a5" score = 75 
@@ -80299,8 +80299,8 @@ rule ELASTIC_Linux_Trojan_Swrort_22C2D6B6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Swrort.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Swrort.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6df073767f48dd79f98e60aa1079f3ab0b89e4f13eedc1af3c2c073e5e235bbc" logic_hash = "v1_sha256_f661544d267a55feec786ab3d4fc4f002afa8e2b58833461f56b745ec65acfd4" score = 75 @@ -80328,8 +80328,8 @@ rule ELASTIC_Windows_Trojan_Doubleback_D2246A35 : FILE MEMORY date = "2022-05-29" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DoubleBack.yar#L1-L31" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DoubleBack.yar#L1-L31" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012" logic_hash = "v1_sha256_2241d2c6e5b5896fe6f3b02cb1786c39fa620ee503c4585bd75c8763b6d3c06a" score = 75 
@@ -80369,8 +80369,8 @@ rule ELASTIC_Windows_Wiper_Caddywiper_484Bd98A : FILE MEMORY date = "2022-03-14" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Wiper_CaddyWiper.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Wiper_CaddyWiper.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea" logic_hash = "v1_sha256_f473673afc211b02328f4e9d88e709acd95bf4b1fa565f5aca972b92324bf589" score = 75 @@ -80401,8 +80401,8 @@ rule ELASTIC_Windows_Hacktool_Ringq_B9715540 : FILE MEMORY date = "2024-06-28" modified = "2024-07-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_RingQ.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_RingQ.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "450e01c32618cd4e4a327147896352ed1b34dca9fb28389dba450acf95f8b735" logic_hash = "v1_sha256_80d693c43a7026d28121e035ae875689512fd46d7f06c3f469b83d6fe707f36b" score = 75 
@@ -80436,8 +80436,8 @@ rule ELASTIC_Windows_Hacktool_Sharpwmi_A67D6Fe5 : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpWMI.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpWMI.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2134a5e1a5eece1336f831a7686c5ea3b6ca5aaa63ab7e7820be937da0678e15" logic_hash = "v1_sha256_de8749951ece8d4798ade4661d531515e12edf8e8606ddc330000d847a66a26c" score = 75 @@ -80473,8 +80473,8 @@ rule ELASTIC_Windows_Vulndriver_Powerprofiler_2Eedff78 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_PowerProfiler.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_PowerProfiler.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05" logic_hash = "v1_sha256_c4a7ae2ffdf70984cea5b543af93b202c78b6108da1e442186d24071b44d6259" score = 75 
@@ -80504,8 +80504,8 @@ rule ELASTIC_Windows_Vulndriver_Iqvw_B8B45E6B : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Iqvw.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Iqvw.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9" logic_hash = "v1_sha256_b0a8716f550ba231ca7db61bafd6effbc351faa45864f9ebf7be81f63f14a933" score = 60 @@ -80535,8 +80535,8 @@ rule ELASTIC_Linux_Virus_Rst_1214E2Ae : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Virus_Rst.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Virus_Rst.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b0e4f44d2456960bb6b20cb468c4ca1390338b83774b7af783c3d03e49eebe44" logic_hash = "v1_sha256_82de4a97f414d591daba2d5d49b941ec4c51d6a6af36f97f062eaac5c74ebe30" score = 75 
@@ -80564,8 +80564,8 @@ rule ELASTIC_Windows_Trojan_Revcoderat_8E6D4182 : FILE MEMORY date = "2021-09-02" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Revcoderat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Revcoderat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "77732e74850050bb6f935945e510d32a0499d820fa1197752df8bd01c66e8210" logic_hash = "v1_sha256_35626d752b291e343350534aece35f1d875068c2c050d12312a60e67753c71e1" score = 75 @@ -80596,8 +80596,8 @@ rule ELASTIC_Windows_Trojan_Vidar_9007Feb2 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Vidar.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Vidar.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec" logic_hash = "v1_sha256_fcdef7397f17ee402155e526c6fa8b51f3ea96e203a095b0b4c36cb7d3cc83d1" score = 75 
@@ -80625,8 +80625,8 @@ rule ELASTIC_Windows_Trojan_Vidar_114258D5 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Vidar.yar#L21-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Vidar.yar#L21-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec" logic_hash = "v1_sha256_9ea3ea0533d14edd0332fa688497efd566a890d1507214fc8591a0a11433d060" score = 75 @@ -80659,8 +80659,8 @@ rule ELASTIC_Windows_Trojan_Vidar_32Fea8Da : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Vidar.yar#L46-L66" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Vidar.yar#L46-L66" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6f5c24fc5af2085233c96159402cec9128100c221cb6cb0d1c005ced7225e211" logic_hash = "v1_sha256_1a18cdc3bd533c34eb05b239830ecec418dc76ee9f4fcfc48afc73b07d55b3cd" score = 75 
@@ -80690,8 +80690,8 @@ rule ELASTIC_Windows_Trojan_Vidar_C374Cd85 : FILE MEMORY date = "2024-01-31" modified = "2024-10-14" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Vidar.yar#L68-L86" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Vidar.yar#L68-L86" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1c677585a8b724332849c411ffe2563b2b753fd6699c210f0720352f52a6ab72" logic_hash = "v1_sha256_8e183f780400f3bf9840798d53b431a4bf28bc43e07d69a3d614217e02f5dd79" score = 75 @@ -80719,8 +80719,8 @@ rule ELASTIC_Windows_Trojan_Vidar_65D3D7E5 : FILE MEMORY date = "2024-10-14" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Vidar.yar#L88-L114" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Vidar.yar#L88-L114" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "83d7c2b437a5cbb314c457d3b7737305dadb2bc02d6562a98a8a8994061fe929" logic_hash = "v1_sha256_2b340f43faf563c7edbce6323d551208c4d9541d7153ea6c1c0d9a95b351e54b" score = 75 
@@ -80756,8 +80756,8 @@ rule ELASTIC_Windows_Trojan_Havoc_77F3D40E : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Havoc.yar#L1-L35" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Havoc.yar#L1-L35" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3427dac129b760a03f2c40590c01065c9bf2340d2dfa4a4a7cf4830a02e95879" logic_hash = "v1_sha256_3d2733ed24d90e9e851ec36a08c497e9c90b47c3dcbb8755e3f6b6a6bd3a8b54" score = 75 @@ -80801,8 +80801,8 @@ rule ELASTIC_Windows_Trojan_Havoc_9C7Bb863 : FILE MEMORY date = "2023-04-28" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Havoc.yar#L37-L56" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Havoc.yar#L37-L56" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "261b92d9e8dcb9d0abf1627b791831ec89779f2b7973b1926c6ec9691288dd57" logic_hash = "v1_sha256_c1245c38c54b0a72fb335680d9ea191390e4e2fe7e47a3ed776878c5e01a3e16" score = 75 
@@ -80831,8 +80831,8 @@ rule ELASTIC_Windows_Trojan_Havoc_88053562 : FILE MEMORY date = "2024-01-04" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Havoc.yar#L58-L76" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Havoc.yar#L58-L76" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2f0b59f8220edd0d34fba92905faf0b51aead95d53be8b5f022eed7e21bdb4af" logic_hash = "v1_sha256_f79b39cc2ca4bbf6ad4b6585a9914a75797110d6fb68bcb7141c5c3d0429c412" score = 75 @@ -80860,8 +80860,8 @@ rule ELASTIC_Windows_Trojan_Havoc_Ffecc8Af : FILE MEMORY date = "2024-04-29" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Havoc.yar#L78-L107" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Havoc.yar#L78-L107" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "495d323651c252e38814b77b9c6c913b9489e769252ac8bbaf8432f15e0efe44" logic_hash = "v1_sha256_c9da6215db1de91a6cd52dd6558dc5a60bbd69abc6fa0db8714f001cdae20ddb" score = 75 
@@ -80900,8 +80900,8 @@ rule ELASTIC_Linux_Trojan_Snessik_D166F98C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Snessik.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Snessik.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3ececc2edfff2f92d80ed3a5140af55b6bebf7cae8642a0d46843162eeddddd" logic_hash = "v1_sha256_44f15a87d48338aafa408d4bcabef844c8864cd95640ad99208b5035e28ccd27" score = 75 @@ -80929,8 +80929,8 @@ rule ELASTIC_Linux_Trojan_Snessik_E435A79C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Snessik.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Snessik.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e24749b07f824a4839b462ec4e086a4064b29069e7224c24564e2ad7028d5d60" logic_hash = "v1_sha256_4850530a0566844447f56f4e5cb43c5982b1dcb784bb1aef3e377525b8651ed3" score = 75 
@@ -80958,8 +80958,8 @@ rule ELASTIC_Linux_Rootkit_Hiddenwasp_8408057B : FILE MEMORY date = "2024-11-14" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_HiddenWasp.yar#L1-L34" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_HiddenWasp.yar#L1-L34" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7c5e20872bc0ac5cce83d4c68485743cd16a818cd1e495f97438caad0399c847" logic_hash = "v1_sha256_1d21cdd38d7428c498eface37fb8b1ca1e99295c88f57cb638871753d0be0f15" score = 75 @@ -81002,8 +81002,8 @@ rule ELASTIC_Linux_Ransomware_Monti_9C64F016 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Monti.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Monti.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ad8d1b28405d9aebae6f42db1a09daec471bf342e9e0a10ab4e0a258a7fa8713" logic_hash = "v1_sha256_c22a4efaaf97d68deaf1978e637dd7f790541e5007c6323629bcc9e3d4eecd06" score = 75 
@@ -81034,8 +81034,8 @@ rule ELASTIC_Linux_Trojan_Ebury_7B13E9B6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ebury.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ebury.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_30d126ffc5b782236663c23734f1eef21e1cc929d549a37bba8e1e7b41321111" score = 75 quality = 75 @@ -81062,8 +81062,8 @@ rule ELASTIC_Linux_Backdoor_Fontonlake_Fe916A45 : FILE MEMORY date = "2021-10-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Backdoor_Fontonlake.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Backdoor_Fontonlake.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8a0a9740cf928b3bd1157a9044c6aced0dfeef3aa25e9ff9c93e113cbc1117ee" logic_hash = "v1_sha256_590b28264345ea0bdbd53791f422cb4f1fad143df2b790824fc182356a568d7d" score = 75 
@@ -81101,8 +81101,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_986D2D3C : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Asrock.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Asrock.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838" logic_hash = "v1_sha256_d767a1ecdff557753f80ac9d73f02364dd035f7a287d0f260316f807364af2d5" score = 75 @@ -81130,8 +81130,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_Cdf192F9 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Asrock.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Asrock.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d" logic_hash = "v1_sha256_2f844b6d3fa19fd39097395175162578ad71d78c61dad104efd320cd8285fa6b" score = 75 
@@ -81159,8 +81159,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_0Eca57Dc : FILE date = "2023-07-20" modified = "2023-07-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Asrock.yar#L41-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Asrock.yar#L41-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3" hash = "a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f" logic_hash = "v1_sha256_82a0cba571dc58ed8d3fd87d3650ec0c1016e6c8e972547f6120ba91c8febce1" @@ -81191,8 +81191,8 @@ rule ELASTIC_Windows_Trojan_Phoreal_66E91De3 : FILE MEMORY date = "2022-02-16" modified = "2022-04-12" reference = "https://www.elastic.co/security-labs/phoreal-malware-targets-the-southeast-asian-financial-sector" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Phoreal.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Phoreal.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "88f073552b30462a00d1d612b1638b0508e4ef02c15cf46203998091f0aef4de" logic_hash = "v1_sha256_c68131fd5e0272d3d473db387a186056a38e6611925ae448d5b668022e6e163a" score = 75 
@@ -81223,8 +81223,8 @@ rule ELASTIC_Windows_Trojan_Hancitor_6738D84A : FILE MEMORY date = "2021-06-17" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Hancitor.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Hancitor.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a674898f39377e538f9ec54197689c6fa15f00f51aa0b5cc75c2bafd86384a40" logic_hash = "v1_sha256_448243b6925c4e419b1fd492ac5e8d43a7baa4492ba7a5a0b44bc8e036c77ec2" score = 75 @@ -81254,8 +81254,8 @@ rule ELASTIC_Windows_Vulndriver_Speedfan_9B590Eee : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Speedfan.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Speedfan.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c" logic_hash = "v1_sha256_6f75c0e6b89dd1ceb85c73b7e51fd261ca2804e14a5f8ed6ce3352b3f1bcdfe4" score = 75 
@@ -81284,8 +81284,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_825B6808 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7db9a0760dd16e23cb299559a0e31a431b836a105d5309a9880fa4b821937659" logic_hash = "v1_sha256_f5f997d8401f1505e81072dcb0e24ad7a78f0b56133698b70d8dd93ef25ddaf3" score = 75 @@ -81313,8 +81313,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A44Ab8Cd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4b2068a4a666b0279358b8eb4f480d2df4c518a8b4518d0d77c6687c3bff0a32" logic_hash = "v1_sha256_a0501f76aff532366292189d34a57844ba999748b94f349be2f391dfd96e2106" score = 75 
@@ -81342,8 +81342,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_7026F674 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b7a77ebb66664c54d01a57abed5bb034ef2933a9590b595bba0566938b099438" logic_hash = "v1_sha256_ec8ece1f922260f620fb30d82469f77a4d0239da536fc464fc37a3943cd6e463" score = 75 @@ -81371,8 +81371,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_761Ad88E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771" logic_hash = "v1_sha256_2b0c64da713e2f8ff671cbe086638810bc02a983d42851e78c68a57bde9f023c" score = 75 
@@ -81400,8 +81400,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_B93655D3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L81-L98" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L81-L98" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_34cb06385543c6c2c562f757df2f641d8402e7c9f95fa924e17652a1c38d695f" score = 75 quality = 75 @@ -81428,8 +81428,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Af9F75E6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L100-L118" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L100-L118" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bf6f3ffaf94444a09b69cbd4c8c0224d7eb98eb41514bdc3f58c1fb90ac0e705" logic_hash = "v1_sha256_b74f5fad3c7219038e51eb4fa12fb9d55d7f65a9f4bab0adff8609fabb0afdab" score = 75 
@@ -81457,8 +81457,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1Bf0E994 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L120-L138" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L120-L138" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1ea2dc13eec0d7a8ec20307f5afac8e9344d827a6037bb96a54ad7b12f65b59c" logic_hash = "v1_sha256_2c1099b8078ac306f7cb67be5b5b5e34f57414b9aa26bdd6c26d3636c80846cd" score = 75 @@ -81486,8 +81486,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_D710A5Da : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L140-L158" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L140-L158" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ba895a9c449bf9bf6c092df88b6d862a3e8ed4079ef795e5520cb163a45bcdb4" logic_hash = "v1_sha256_118a29cc0ccd191181dabc134de282ba134e041113faaa4d95e0aa201646438b" score = 75 
@@ -81515,8 +81515,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_F434A3Fb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L160-L178" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L160-L178" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ba895a9c449bf9bf6c092df88b6d862a3e8ed4079ef795e5520cb163a45bcdb4" logic_hash = "v1_sha256_11b173f73b87f50775be50c6b4528bd9b148ea4266297aec76ae126cab0facb0" score = 75 @@ -81544,8 +81544,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A2795A4C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L180-L198" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L180-L198" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71" logic_hash = "v1_sha256_18e15b8a417f9ff2fd9277a01eb3224c761807ce9541ece568f4525ae66eb81f" score = 75 
@@ -81573,8 +81573,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_678C1145 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L200-L218" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L200-L218" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "559793b9cb5340478f76aaf5f81c8dbfbcfa826657713d5257dac3c496b243a6" logic_hash = "v1_sha256_5ff15c8d92bca62700bbb67aeebc41fd603687dbc0c93733955bf59375df40a1" score = 60 @@ -81602,8 +81602,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_3Cbdfb1F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L220-L238" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L220-L238" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bd40ac964f3ad2011841c7eb4bf7cab332d4d95191122e830ab031dc9511c079" logic_hash = "v1_sha256_38e8ca59bf55c32b99aa76a89f60edcf09956b7cad0b4745fab92eca327c52db" score = 75 
@@ -81631,8 +81631,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_8B63Ff02 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L240-L258" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L240-L258" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a57de6cd3468f55b4bfded5f1eed610fdb2cbffbb584660ae000c20663d5b304" logic_hash = "v1_sha256_3b68353c8eeb21a3eba7a02ae76b66b4f094ec52d5309582544d247cc6548da3" score = 75 @@ -81660,8 +81660,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_30973084 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L260-L278" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L260-L278" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a22ffa748bcaaed801f48f38b26a9cfdd5e62183a9f6f31c8a1d4a8443bf62a4" logic_hash = "v1_sha256_d965a032c0fb6020c6187aa3117f7251dd8c9287c45453e3d5ae2ac62b3067bb" score = 75 
@@ -81689,8 +81689,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1Cfa95Dd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L280-L298" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L280-L298" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771" logic_hash = "v1_sha256_f73a96cc379c8dc060bfe5668ef7e47c5bcd037b3f41c300ef20c2f2f653cb00" score = 75 @@ -81718,8 +81718,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_25C48456 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L300-L318" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L300-L318" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "eba6f3e4f7b53e22522d82bdbdf5271c3fc701cbe07e9ecb7b4c0b85adc9d6b4" logic_hash = "v1_sha256_4ed4b901fccaed834b9908fb447da1521bf31f283ae55b6d8f6090814cf8fcd2" score = 75 
@@ -81747,8 +81747,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_B1Ca2Abd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L320-L338" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L320-L338" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771" logic_hash = "v1_sha256_05b906a9823bf9ba25ba1ed490beb8f338429cbc744ca230c5c4cbb41ab9f140" score = 75 @@ -81776,8 +81776,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Cce8C792 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L340-L358" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L340-L358" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ea56da9584fc36dc67cb1e746bd13c95c4d878f9d594e33221baad7e01571ee6" logic_hash = "v1_sha256_14700d24e8682ec04f2aae02f5820c4d956db60583b1bc61038b47e709705d0d" score = 75 
@@ -81805,8 +81805,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_4Bcea1C4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L360-L378" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L360-L378" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71" logic_hash = "v1_sha256_76019729a3a33fc04ff983f38b4fbf174a66da7ffc05cd07eb93e3cd5aecaaa2" score = 75 @@ -81834,8 +81834,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Ab561A1B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L380-L398" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L380-L398" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1b7df0d491974bead05d04ede6cf763ecac30ecff4d27bb4097c90cc9c3f4155" logic_hash = "v1_sha256_5720d2ada4b33514f2d528417876606d2951786df8b0512f9e8833b8ec87127a" score = 75 
@@ -81863,8 +81863,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1A4Eb229 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L400-L418" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L400-L418" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bf6f3ffaf94444a09b69cbd4c8c0224d7eb98eb41514bdc3f58c1fb90ac0e705" logic_hash = "v1_sha256_83b04e366a05a46ad67b9aaf6b9658520e119003cd65941dd69416cbc5229c30" score = 75 @@ -81892,8 +81892,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_51Ef0659 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L420-L438" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L420-L438" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b7a2bc75dd9c44c38b2a6e4e7e579142ece92a75b8a3f815940c5aa31470be2b" logic_hash = "v1_sha256_26dd95cb1cdaec10d408e294a3baca85d741cf5e56649cdcc79ef7216e4cb440" score = 75 
@@ -81921,8 +81921,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_D90C4Cbe : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L440-L458" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L440-L458" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62" logic_hash = "v1_sha256_145d32f8a06af18e6f13b0905cc51fd7b1a9e00b41b0f0a5d537ada2b54a94b5" score = 75 @@ -81950,8 +81950,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_C680C9Fd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L460-L478" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L460-L478" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ea56da9584fc36dc67cb1e746bd13c95c4d878f9d594e33221baad7e01571ee6" logic_hash = "v1_sha256_a283132ffdd109b8b1f01e5a3e2700b70b742945c7ae8b15b2b244fb249a5e3d" score = 75 
@@ -81979,8 +81979,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_E63396F4 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L480-L498" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L480-L498" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "913e6d2538bd7eed3a8f3d958cf445fe11c5c299a70e5385e0df6a9b2f638323" logic_hash = "v1_sha256_d3f7c62a7411caf86ee574a686b4b1972066602f89d39ae9e49ba66d9917c7c9" score = 75 @@ -82008,8 +82008,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_7D5355Da : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "03397525f90c8c2242058d2f6afc81ceab199c5abcab8fd460fabb6b083d8d20" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L500-L518" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L500-L518" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_b4540f941ca1a36c460d056ef263ebd67c6388f3f6f373f50371f7cca2739bc4" score = 75 quality = 75 
@@ -82036,8 +82036,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A9E8A90F : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "0558cf8cab0ba1515b3b69ac32975e5e18d754874e7a54d19098e7240ebf44e4" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L520-L538" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L520-L538" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_8f1fcb736a9363142a25426ef2d166f92526bffaf8069f1b12056c9cf5825379" score = 75 quality = 75 @@ -82064,8 +82064,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A598192A : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "101f2240cd032831b9c0930a68ea6f74688f68ae801c776c71b488e17bc71871" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L540-L558" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L540-L558" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_19909f53acca8c84125c95fc651765a25162c5f916366da8351e67675393e583" score = 75 quality = 75 
@@ -82092,8 +82092,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_53Bf4E37 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "101f2240cd032831b9c0930a68ea6f74688f68ae801c776c71b488e17bc71871"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L560-L578"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L560-L578"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_d1aabf8067b74dac114e197722d51c4bbb9a78e6ba9b5401399930c29d55bdcc"
 score = 75
 quality = 75
@@ -82120,8 +82120,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_50158A6E : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "1e0cdb655e48d21a6b02d2e1e62052ffaaec9fdfe65a3d180fc8afabc249e1d8"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L580-L598"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L580-L598"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_67c22fcf514a3e8c2c27817798c796aacf00ba82e1090894aa2c1170a1e2a096"
 score = 75
 quality = 75
@@ -82148,8 +82148,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_F454Ec10 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "0297e1ad6e180af85256a175183102776212d324a2ce0c4f32e8a44a2e2e9dad"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L600-L618"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L600-L618"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_e5afb215632ad6359ba95df86316d496ea5e36edb79901c34e0710a6bd9c97d1"
 score = 75
 quality = 75
@@ -82176,8 +82176,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_9417F77B : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "60ff13e27dad5e6eadb04011aa653a15e1a07200b6630fdd0d0d72a9ba797d68"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Flooder.yar#L620-L638"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Flooder.yar#L620-L638"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_470b7e44cd875b1f6abcfa5e4d33d2808a65630dc914b38643c9efb14db5f1ff"
 score = 75
 quality = 75
@@ -82204,8 +82204,8 @@ rule ELASTIC_Windows_Trojan_Dcrat_1Aeea1Ac : FILE MEMORY
 date = "2022-01-15"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DCRat.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DCRat.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_6163e04a40ed52d5e94662131511c3ae08d473719c364e0f7de60dff7fa92cf7"
 score = 75
 quality = 75
@@ -82238,8 +82238,8 @@ rule ELASTIC_Windows_Trojan_Wineloader_13E8860A : FILE MEMORY
 date = "2024-03-24"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_WineLoader.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_WineLoader.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f5cb3234eff0dbbd653d5cdce1d4b1026fa9574ebeaf16aaae3d4e921b6a7f9d"
 logic_hash = "v1_sha256_c072abb73377ed59c0dd9fab25a4c84575ab9badbddfda1ed51e576e4e12fa82"
 score = 75
@@ -82269,8 +82269,8 @@ rule ELASTIC_Windows_Hacktool_Dinvokerust_512D3B59 : FILE MEMORY
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_DinvokeRust.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_DinvokeRust.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ebf0f1bfd166d2d49b642fa43cb0c7364c0c605d9a7f108dc49d9f1cc859ab4a"
 logic_hash = "v1_sha256_7be1a4e25cf41e47ab135c718b7ec5a49a2890cf873c52597f8dab4d47636ed8"
 score = 75
@@ -82303,8 +82303,8 @@ rule ELASTIC_Windows_Trojan_Shadowpad_Be71209D : FILE MEMORY
 date = "2023-01-31"
 modified = "2023-02-01"
 reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_ShadowPad.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_ShadowPad.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "452b08d6d2aa673fb6ccc4af6cebdcb12b5df8722f4d70d1c3491479e7b39c05"
 logic_hash = "v1_sha256_24e035bbcd5d44877e6e582a995d0035ad26c53e832c34b0c8a3836cb1a11637"
 score = 75
@@ -82333,8 +82333,8 @@ rule ELASTIC_Windows_Trojan_Shadowpad_0D899241 : MEMORY
 date = "2023-01-31"
 modified = "2023-02-01"
 reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_ShadowPad.yar#L23-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_ShadowPad.yar#L23-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "cb3a425565b854f7b892e6ebfb3734c92418c83cd590fc1ee9506bcf4d8e02ea"
 logic_hash = "v1_sha256_57385e149c6419aed2dcd3ecbbe26d8598918395a6480dd5cdb799ce7328901a"
 score = 75
@@ -82368,8 +82368,8 @@ rule ELASTIC_Windows_Backdoor_Goldbackdoor_91902940 : FILE MEMORY
 date = "2022-04-29"
 modified = "2022-06-09"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "485246b411ef5ea9e903397a5490d106946a8323aaf79e6041bdf94763a0c028"
 logic_hash = "v1_sha256_71e26cce6d730560e1303b2a4f49d0da6d1341263bb47ade46338f03e528cbf7"
 score = 75
@@ -82404,8 +82404,8 @@ rule ELASTIC_Windows_Backdoor_Goldbackdoor_F11D57Df : FILE MEMORY
 date = "2022-04-29"
 modified = "2022-06-09"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L28-L51"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L28-L51"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "45ece107409194f5f1ec2fbd902d041f055a914e664f8ed2aa1f90e223339039"
 logic_hash = "v1_sha256_6401b215523289a3842dec6d3e016a2ca99512c5889e87cb5ff13023bb0b8e1e"
 score = 75
@@ -82438,8 +82438,8 @@ rule ELASTIC_Windows_Trojan_Hijackloader_A8444812 : FILE MEMORY
 date = "2023-11-15"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_HijackLoader.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_HijackLoader.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "065c379a33ef1539e8a68fd4b7638fe8a30ec19fc128642ed0c68539656374b9"
 logic_hash = "v1_sha256_6cd88adc7a0d35013a26d1135efb294ee6f9ddab99b4549e82d3d6f5f65509b6"
 score = 75
@@ -82472,8 +82472,8 @@ rule ELASTIC_Windows_Trojan_Arkeistealer_84C7086A : FILE MEMORY
 date = "2022-02-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_ArkeiStealer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_ArkeiStealer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "708d9fb40f49192d4bf6eff62e0140c920a7eca01b9f78aeaf558bef0115dbe2"
 logic_hash = "v1_sha256_b7129094389f789f0b43f0da54645c24a6d1149f53d6536c14714e3ff44f935b"
 score = 75
@@ -82501,8 +82501,8 @@ rule ELASTIC_Windows_Ransomware_Clop_6A1670Aa : BETA FILE MEMORY
 date = "2020-05-03"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Clop.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Clop.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_afe28000d50495bf2f2adc6cbf0159591ce87bff207f3c6a1d38e09f9ed328d7"
 score = 75
 quality = 75
@@ -82530,8 +82530,8 @@ rule ELASTIC_Windows_Ransomware_Clop_E04959B5 : BETA FILE MEMORY
 date = "2020-05-03"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Clop.yar#L22-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Clop.yar#L22-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_039fcb0e48898c7546588cd095fac16f06cf5e5568141aefb6db382a61e80a8d"
 score = 75
 quality = 50
@@ -82568,8 +82568,8 @@ rule ELASTIC_Windows_Ransomware_Clop_9Ac9Ea3E : BETA FILE MEMORY
 date = "2020-05-03"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Clop.yar#L52-L71"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Clop.yar#L52-L71"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_1228ee4b934faf1d5f8cf4518974cd2c80a73d84c8a354bde4813fb97ba516d7"
 score = 75
 quality = 75
@@ -82597,8 +82597,8 @@ rule ELASTIC_Windows_Ransomware_Clop_606020E7 : BETA FILE MEMORY
 date = "2020-05-03"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Clop.yar#L73-L92"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Clop.yar#L73-L92"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_f5169b324bc19f6f5a04c99f1d3326c97300d038ec383c3eab94eb258963ac30"
 score = 75
 quality = 75
@@ -82626,8 +82626,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_A6E956C9 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_fb4e3e54618075d5ef6ec98d1ba9c332ce9f677f0879e07b34a2ca08b2180dd9"
 score = 75
 quality = 75
@@ -82655,8 +82655,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_38B8Ceec : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_8e3bc02661cedb9885467373f8120542bb7fc8b0944803bc01642fbc8426298b"
 score = 75
 quality = 75
@@ -82684,8 +82684,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_7Bc0F998 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_29cb48086dbcd48bd83c5042ed78370e127e1ea5170ee7383b88659b31e896b5"
 score = 75
 quality = 75
@@ -82713,8 +82713,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_F7F826B4 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_2f5264e07c65d5ef4efe49a48c24ccef9a4b9379db581d2cf18e1131982e6f2f"
 score = 75
 quality = 75
@@ -82742,8 +82742,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_24338919 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_af8cceebdebca863019860afca5d7c6400b68c8450bc17b7d7b74aeab2d62d16"
 score = 75
 quality = 75
@@ -82771,8 +82771,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_0F5A852D : FILE MEMORY
 date = "2021-04-07"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_11cddf2191a2f70222a0c8c591e387b4b5667bc432a2f686629def9252361c1d"
 score = 75
 quality = 75
@@ -82800,8 +82800,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_C9773203 : FILE MEMORY
 date = "2021-04-07"
 modified = "2021-08-23"
 reference = "https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L121-L140"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L121-L140"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_1d6503ccf05b8e8b4368ed0fb2e57aa2be94151ce7e2445b5face7b226a118e9"
 score = 75
 quality = 75
@@ -82829,8 +82829,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_Dd5Ce989 : FILE MEMORY
 date = "2021-04-14"
 modified = "2021-08-23"
 reference = "https://www.rapid7.com/blog/post/2015/03/25/stageless-meterpreter-payloads/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L142-L164"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L142-L164"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "86cf98bf854b01a55e3f306597437900e11d429ac6b7781e090eeda3a5acb360"
 logic_hash = "v1_sha256_5c094979be1cd347ffee944816b819b6fbb62804b183a6120cd3a93d2759155b"
 score = 75
@@ -82861,8 +82861,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_96233B6B : FILE MEMORY
 date = "2021-06-10"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L166-L185"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L166-L185"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e7a2d966deea3a2df6ce1aeafa8c2caa753824215a8368e0a96b394fb46b753b"
 logic_hash = "v1_sha256_09a2b9414a126367df65322966b671fe7ea963cd65ef48e316c9d139ee502d31"
 score = 75
@@ -82891,8 +82891,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_4A1C4Da8 : FILE MEMORY
 date = "2021-06-10"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L187-L206"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L187-L206"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9582d37ed9de522472abe615dedef69282a40cfd58185813c1215249c24bbf22"
 logic_hash = "v1_sha256_9d3a3164ed1019dcb557cf20734a81be9964a555ddb2e0104f7202880b2ed177"
 score = 75
@@ -82921,8 +82921,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_91Bc5D7D : FILE MEMORY
 date = "2021-08-02"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L208-L226"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L208-L226"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987"
 logic_hash = "v1_sha256_74154902b03c36a4ee9bc54ae9399bae9e6afb7fe8d0fe232b88250afc368d6f"
 score = 75
@@ -82950,8 +82950,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_A91A6571 : FILE MEMORY
 date = "2022-06-08"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L228-L246"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L228-L246"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ff7795edff95a45b15b03d698cbdf70c19bc452daf4e2d5e86b2bbac55494472"
 logic_hash = "v1_sha256_cc59320ba9f8907d1d9b9dc120d8b4807b419e49c55be1fd5d2cdbb0c5d4e5cc"
 score = 75
@@ -82979,8 +82979,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_B29Fe355 : FILE MEMORY
 date = "2022-06-08"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L248-L268"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L248-L268"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4f0ab4e42e6c10bc9e4a699d8d8819b04c17ed1917047f770dc6980a0a378a68"
 logic_hash = "v1_sha256_7a2189b59175acb66a7497c692a43c413a476f5c4371f797bf03a8ddb550992c"
 score = 75
@@ -83010,8 +83010,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_66140F58 : FILE MEMORY
 date = "2022-08-15"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L270-L288"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L270-L288"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "01a0c5630fbbfc7043d21a789440fa9dadc6e4f79640b370f1a21c6ebf6a710a"
 logic_hash = "v1_sha256_0a855b7296f7cea39cc5d57b239d3906133ea43a0811ec60e4d91765cf89aced"
 score = 75
@@ -83039,8 +83039,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_2092C42A : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L290-L309"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L290-L309"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e47d88c11a89dcc84257841de0c9f1ec388698006f55a0e15567354b33f07d3c"
 logic_hash = "v1_sha256_83c46c6b957f10d406ea9985c518eb2fba3e82b9023bfdefa8bdd4be7fb67826"
 score = 75
@@ -83069,8 +83069,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_46E1C247 : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L311-L330"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L311-L330"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ef70e1faa3b1f40d92b0a161c96e13c96c43ec6651e7c87ee3977ed07b950bab"
 logic_hash = "v1_sha256_760a4e28e312a7d744208dc833ffad8d139ce7c536b407625a7fb0dff5ddb1d1"
 score = 75
@@ -83099,8 +83099,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_B62Aac1E : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L332-L351"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L332-L351"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "af9af81f7e46217330b447900f80c9ce38171655becb3b63e51f913b95c71e70"
 logic_hash = "v1_sha256_3ef6b7fb258b060ae00b060dbf9b07620f8cda0d9a827985bbb3ed9617969ef6"
 score = 75
@@ -83129,8 +83129,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_47F5D54A : FILE MEMORY
 date = "2023-11-13"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Metasploit.yar#L353-L372"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Metasploit.yar#L353-L372"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "bc3754cf4a04491a7ad7a75f69dd3bb2ddf0d8592ce078b740d7c9c7bc85a7e1"
 logic_hash = "v1_sha256_be080d0aae457348c4a02c204507a8cb14d1728d1bc50d7cf12b577aa06daf9f"
 score = 75
@@ -83159,8 +83159,8 @@ rule ELASTIC_Windows_Trojan_Dbatloader_F93A8E90 : FILE MEMORY
 date = "2022-03-11"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DBatLoader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DBatLoader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f72d7e445702bbf6b762ebb19d521452b9c76953d93b4d691e0e3e508790256e"
 logic_hash = "v1_sha256_6fe91d91bb383c66a6dc623b02817411a39b88030142517f4048c5c25fbb4ac5"
 score = 75
@@ -83188,8 +83188,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_A40C7Ef0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Portscan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Portscan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c389c42bac5d4261dbca50c848f22c701df4c9a2c5877dc01e2eaa81300bdc29"
 logic_hash = "v1_sha256_6118ea86d628450e79ee658f4b95bae40080764a25240698d8ca7fcb7e6adaaf"
 score = 75
@@ -83217,8 +83217,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_6C6000C2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Portscan.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Portscan.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8877009fc8ee27ba3b35a7680b80d21c84ee7296bcabe1de51aeeafcc8978da7"
 logic_hash = "v1_sha256_0cae81cbc0fdf48b4e7ac09865f05e2ad93d79b7a6f1af76a632727127ab050f"
 score = 75
@@ -83246,8 +83246,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_E191222D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Portscan.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Portscan.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e2f4313538c3ef23adbfc50f37451c318bfd1ffd0e5aaa346cce4cc37417f812"
 logic_hash = "v1_sha256_6ffb2add4a76214ffd555cf1fe356371acd3638216094097b355670ecfe02ecd"
 score = 75
@@ -83275,8 +83275,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_E57B0A0C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Portscan.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Portscan.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f8ee385316b60ee551565876287c06d76ac5765f005ca584d1ca6da13a6eb619"
 logic_hash = "v1_sha256_b2f67805e9381864591fdf61846284da97f8dd2f5c60484ce9c6e76d2f6f3872"
 score = 75
@@ -83304,8 +83304,8 @@ rule ELASTIC_Linux_Trojan_Rozena_56651C1D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rozena.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rozena.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "997684fb438af3f5530b0066d2c9e0d066263ca9da269d6a7e160fa757a51e04"
 logic_hash = "v1_sha256_a6d283b0c398cb1004defe7f5669f912112262e5aaf677ae4ca7fd15565cb988"
 score = 75
@@ -83333,8 +83333,8 @@ rule ELASTIC_Windows_Trojan_A310Logger_520Cd7Ec : FILE MEMORY
 date = "2022-01-11"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_A310logger.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_A310logger.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "60fb9597e5843c72d761525f73ca728409579d81901860981ebd84f7d153cfa3"
 logic_hash = "v1_sha256_6095ce913e3fb1cfc2f1b091598fc06b2dfec30c2353be7df08dcbb1a06b07c3"
 score = 75
@@ -83366,8 +83366,8 @@ rule ELASTIC_Windows_Trojan_Dridex_63Ddf193 : FILE MEMORY
 date = "2021-08-07"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Dridex.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Dridex.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b1d66350978808577159acc7dc7faaa273e82c103487a90bf0d040afa000cb0d"
 logic_hash = "v1_sha256_e792f4693be0a7c71d1e638212a8fb3acb1e14dedd48218861fad8c09811da29"
 score = 75
@@ -83396,8 +83396,8 @@ rule ELASTIC_Windows_Trojan_Dridex_C6F01353 : FILE MEMORY
 date = "2021-08-07"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Dridex.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Dridex.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "739682ccb54170e435730c54ba9f7e09f32a3473c07d2d18ae669235dcfe84de"
 logic_hash = "v1_sha256_7146204d779610c04badfc7d884ff882ff5f1439b61f889d1edf4419240c5751"
 score = 75
@@ -83425,8 +83425,8 @@ rule ELASTIC_Linux_Trojan_Getshell_98D002Bf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Getshell.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Getshell.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "97b7650ab083f7ba23417e6d5d9c1d133b9158e2c10427d1f1e50dfe6c0e7541"
 logic_hash = "v1_sha256_358575f55910b060bde94bbc55daa9650a43cf1470b77d1842ddcaa8b299700a"
 score = 75
@@ -83454,8 +83454,8 @@ rule ELASTIC_Linux_Trojan_Getshell_213D4D69 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "05fc4dcce9e9e1e627ebf051a190bd1f73bc83d876c78c6b3d86fc97b0dfd8e8"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Getshell.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Getshell.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_2075def88b31ac32e44c270ab20273c8b91f37e25a837c0353f76bcf431cdcb3"
 score = 75
 quality = 75
@@ -83482,8 +83482,8 @@ rule ELASTIC_Linux_Trojan_Getshell_3Cf5480B : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "0e41c0d6286fb7cd3288892286548eaebf67c16f1a50a69924f39127eb73ff38"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Getshell.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Getshell.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_87b0db74e81d4f236b11f51a72fba2e4263c988402292b2182d19293858c6126"
 score = 75
 quality = 75
@@ -83510,8 +83510,8 @@ rule ELASTIC_Linux_Trojan_Getshell_8A79B859 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "1154ba394176730e51c7c7094ff3274e9f68aaa2ed323040a94e1c6f7fb976a2"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Getshell.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Getshell.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_2aa3914ec4cc04e5daa2da1460410b4f0e5e7a37c5a2eae5a02ff5f55382f1fe"
 score = 75
 quality = 75
@@ -83538,8 +83538,8 @@ rule ELASTIC_Windows_Vulndriver_Ryzen_7Df5A747 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Ryzen.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Ryzen.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433"
 logic_hash = "v1_sha256_192b51f0bbd2cab4c1d3da6f82fbee7129a53abaa6e8769d3681821112017824"
 score = 75
@@ -83569,8 +83569,8 @@ rule ELASTIC_Windows_Vulndriver_Ryzen_9B01C718 : FILE
 date = "2023-01-22"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Ryzen.yar#L23-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Ryzen.yar#L23-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "bb82d8c29127955d58dff58978605a9daa718425c74c4bce5ae3e53712909148"
 logic_hash = "v1_sha256_5734f6a249656f22a2a363b42ae77b5e6b7673bc96bad34b04b1be7f2b584b08"
 score = 75
@@ -83600,8 +83600,8 @@ rule ELASTIC_Linux_Exploit_CVE_2019_13272_583Dd2C0 : FILE MEMORY CVE_2019_13272
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2019_13272.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2019_13272.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3191b9473f3e59f55e062e6bdcfe61b88974602c36477bfa6855ccd92ff7ca83"
 logic_hash = "v1_sha256_0b25f0d979d2fc3f7d646a9b3eccf2a293b41181b499c790d3e99515fcd09603"
 score = 75
@@ -83629,8 +83629,8 @@ rule ELASTIC_Windows_Trojan_Octopus_15813E26 : FILE MEMORY
 date = "2021-11-10"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Octopus.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Octopus.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_0d30b96ead4ccba75e08f6ba1db73cee61a29b5b0c7ee0fb523cbcd61dce9d87"
 score = 75
 quality = 75
@@ -83658,8 +83658,8 @@ rule ELASTIC_Linux_Trojan_Dinodasrat_1D371D10 : FILE MEMORY
 date = "2024-04-02"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_DinodasRAT.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_DinodasRAT.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "bf830191215e0c8db207ea320d8e795990cf6b3e6698932e6e0c9c0588fc9eff"
 logic_hash = "v1_sha256_933e78882be1d8dd9553ba90f038963d1b6f8f643888258541b7668aa3434808"
 score = 75
@@ -83692,8 +83692,8 @@ rule ELASTIC_Windows_Trojan_Flawedgrace_8C5Eb04B : FILE MEMORY
 date = "2023-11-01"
 modified = "2023-11-02"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_FlawedGrace.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_FlawedGrace.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "966112f3143d751a95c000a990709572ac8b49b23c0e57b2691955d6fda1016e"
 logic_hash = "v1_sha256_dc07197cb9a02ff8d271f78756c2784c74d09e530af20377a584dbfe77e973aa"
 score = 75
@@ -83725,8 +83725,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_13B3C88B : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Rtkio.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Rtkio.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82"
 logic_hash = "v1_sha256_1e37650292884e28dcc51c42bc1b1d1e8efc13b0727f7865ff1dc7b8e1a72380"
 score = 75
@@ -83755,8 +83755,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_D595781E : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Rtkio.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Rtkio.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4ed2d2c1b00e87b926fb58b4ea43d2db35e5912975f4400aa7bd9f8c239d08b7"
 logic_hash = "v1_sha256_289eb17025d989cc74e109b1c03378e9760817a84f1a759153ff6ff6b6401e6d"
 score = 75
@@ -83785,8 +83785,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_B09Af431 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Rtkio.yar#L43-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Rtkio.yar#L43-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b205835b818d8a50903cf76936fcf8160060762725bd74a523320cfbd091c038"
 logic_hash = "v1_sha256_916a6e63dc4c7ee0bfdf4a455ee467a1d03c1042db60806511aa7cbf3b096190"
 score = 75
@@ -83815,8 +83815,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_5693E967 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Rtkio.yar#L64-L83"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Rtkio.yar#L64-L83"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89"
 logic_hash = "v1_sha256_4cbc7a52de7f610cdb12bf40a9099bcfae818dcb5e4119a8c34499433aeebd7e"
 score = 75
@@ -83845,8 +83845,8 @@ rule ELASTIC_Windows_Trojan_Darkcomet_1Df27Bcc : FILE MEMORY
 date = "2021-08-16"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Darkcomet.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Darkcomet.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "7fbe87545eef49da0df850719536bb30b196f7ad2d5a34ee795c01381ffda569"
 logic_hash = "v1_sha256_5886e3316839e64f934a0e84d85074e076f3e1e44f86fee35a87eb560bfa2aa7"
 score = 75
@@ -83878,8 +83878,8 @@ rule ELASTIC_Linux_Trojan_Generic_402Be6C5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d30a8f5971763831f92d9a6dd4720f52a1638054672a74fdb59357ae1c9e6deb"
 logic_hash = "v1_sha256_b32111972bc21822f0f2c8e47198c90b70e78667410175257b9542c212fc3a1d"
 score = 75
@@ -83907,8 +83907,8 @@ rule ELASTIC_Linux_Trojan_Generic_5420D3E7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "103b8fced0aebd73cb8ba9eff1a55e6b6fa13bb0a099c9234521f298ee8d2f9f"
 logic_hash = "v1_sha256_8ba3566ec900e37f05f11d40c65ffe1dfc587c553fa9c28b71ced7a9a90f50c3"
 score = 75
@@ -83936,8 +83936,8 @@ rule ELASTIC_Linux_Trojan_Generic_4F4Cc3Ea : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "32e25641360dbfd50125c43754cd327cf024f1b3bfd75b617cdf8a17024e2da5"
 logic_hash = "v1_sha256_9eb0d93b8c1a579ca8362d033edecbbe6a9ade82f6ae5688c183b97ed7b97faa"
 score = 75
@@ -83965,8 +83965,8 @@ rule ELASTIC_Linux_Trojan_Generic_703A0258 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b086d0119042fc960fe540c23d0a274dd0fb6f3570607823895c9158d4f75974"
 logic_hash = "v1_sha256_cb37930637b8da91188d199ee20f1b64a0b1f13e966a99e69b983e623dac51de"
 score = 75
@@ -83994,8 +83994,8 @@ rule ELASTIC_Linux_Trojan_Generic_378765E4 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1ed42910e09e88777ae9958439d14176cb77271edf110053e1a29372fce21ec1"
 logic_hash = "v1_sha256_dd10305f553fa94ff83fafa84cff3d544f097b617fca20760eef838902e1f7db"
 score = 75
@@ -84023,8 +84023,8 @@ rule ELASTIC_Linux_Trojan_Generic_F657Fb4F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1ed42910e09e88777ae9958439d14176cb77271edf110053e1a29372fce21ec1"
 logic_hash = "v1_sha256_af4fa2c21b47f360b425ebbfea624e3728cd682e54e367d265b4f3a6515b0720"
 score = 75
@@ -84052,8 +84052,8 @@ rule ELASTIC_Linux_Trojan_Generic_Be1757Ef : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f3e4e2b5af9d0c72aae83cec57e5c091a95c549f826e8f13559aaf7d300f6e13"
 logic_hash = "v1_sha256_567d33c262e5f812c6a702bcc0a1f0cf576b67bf7cf67bb82b5f9ce9f233aaff"
 score = 75
@@ -84081,8 +84081,8 @@ rule ELASTIC_Linux_Trojan_Generic_7A95Ef79 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f59340a740af8f7f4b96e3ea46d38dbe81f2b776820b6f53b7028119c5db4355"
 logic_hash = "v1_sha256_6da43e4bab6b2024b49dfc943f099fb21c06d8d4a082a05594b07cb55989183c"
 score = 75
@@ -84110,8 +84110,8 @@ rule ELASTIC_Linux_Trojan_Generic_1C5E42B7 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b078a02963610475217682e6e1d6ae0b30935273ed98743e47cc2553fbfd068f"
 logic_hash = "v1_sha256_cd759b87a303fafb9461d0a73b6a6b3f468b1f3db0189ba0e584a629e5d78da1"
 score = 75
@@ -84139,8 +84139,8 @@ rule ELASTIC_Linux_Trojan_Generic_8Ca4B663 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1ddf479e504867dfa27a2f23809e6255089fa0e2e7dcf31b6ce7d08f8d88947e"
 logic_hash = "v1_sha256_43b8cae2075f55a98b226f865d54e1c96345db0564815d849b3458d3f3ffee7f"
 score = 75
@@ -84168,8 +84168,8 @@ rule ELASTIC_Linux_Trojan_Generic_D3Fe3Fae : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2a2542142adb05bff753e0652e119c1d49232d61c49134f13192425653332dc3"
 logic_hash = "v1_sha256_0b980a0bcf8340410fe2b53d109f629c6e871ebe82af467153d7b50b73fd8644"
 score = 60
@@ -84197,8 +84197,8 @@ rule ELASTIC_Linux_Trojan_Generic_5E981634 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L221-L239"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L221-L239"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "448e8d71e335cabf5c4e9e8d2d31e6b52f620dbf408d8cc9a6232a81c051441b"
 logic_hash = "v1_sha256_4623c07a15588788ec8a484642a33f2d18127849302d57520a0dac875564f62c"
 score = 75
@@ -84226,8 +84226,8 @@ rule ELASTIC_Linux_Trojan_Generic_D8953Ca0 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L241-L259"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L241-L259"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "552753661c3cc7b3a4326721789808482a4591cb662bc813ee50d95f101a3501"
 logic_hash = "v1_sha256_cbc1a60a1d9525f7230336dff07f56e6a0b99e7c70c99d3f4363c06ed0071716"
 score = 75
@@ -84255,8 +84255,8 @@ rule ELASTIC_Linux_Trojan_Generic_181054Af : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e677f1eed0dbb4c680549e0bf86d92b0a28a85c6d571417baaba0d0719da5f93" logic_hash = "v1_sha256_e92807b603dd33fe7a083985644a213913a77e81c068623fdac7931148207b91" score = 75 @@ -84284,8 +84284,8 @@ rule ELASTIC_Linux_Trojan_Generic_C3D529A2 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b46135ae52db6399b680e5c53f891d101228de5cd6c06b6ae115e4a763a5fb22" logic_hash = "v1_sha256_a508acd95844a4385943166f715606199048d96be0098bc89f9be7b9db34833e" score = 75 
@@ -84313,8 +84313,8 @@ rule ELASTIC_Linux_Trojan_Generic_4675Dffa : FILE MEMORY date = "2023-07-28" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L301-L320" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L301-L320" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "43e14c9713b1ca1f3a7f4bcb57dd3959d3a964be5121eb5aba312de41e2fb7a6" logic_hash = "v1_sha256_d2865a869d0cf0bf784106fe6242a4c7f58e58a43c4d4ae0241b10569810904d" score = 75 @@ -84343,8 +84343,8 @@ rule ELASTIC_Linux_Trojan_Generic_5E3Bc3B3 : FILE MEMORY date = "2024-09-20" modified = "2024-11-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Generic.yar#L322-L344" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Generic.yar#L322-L344" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_33c14a6b8b5a2fc105ea6f1d5ee89e53f6c5e44126b9cf687058de64d649b5ca" score = 75 quality = 50 
@@ -84376,8 +84376,8 @@ rule ELASTIC_Windows_Backdoor_Dragoncastling_4Ecf6F9F : FILE MEMORY date = "2022-11-08" modified = "2022-12-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Backdoor_DragonCastling.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Backdoor_DragonCastling.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9776c7ae6ca73f87d7c838257a5bcd946372fbb77ebed42eebdfb633b13cd387" logic_hash = "v1_sha256_26ff86354230f1006bd451eab5c1634b91888330d124a06dd2dfa5ab515d6e1a" score = 75 @@ -84413,8 +84413,8 @@ rule ELASTIC_Windows_Trojan_Squirrelwaffle_88033Ff1 : FILE MEMORY date = "2021-09-20" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c" logic_hash = "v1_sha256_695d7d411a4de23ba1517a06bda3ce73add37dca1e6fe9046e7c2dcae237389e" score = 75 
@@ -84445,8 +84445,8 @@ rule ELASTIC_Windows_Trojan_Squirrelwaffle_D3B685A1 : FILE MEMORY date = "2021-09-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c" logic_hash = "v1_sha256_7d187aa75fc767f5009f3090852de4894776f4b3f99f189478e7e9fd9c3acbe7" score = 75 @@ -84474,8 +84474,8 @@ rule ELASTIC_Linux_Exploit_Abrox_5641Ba81 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Abrox.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Abrox.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8de96c8e61536cae870f4a24127d28b86bd8122428bf13965c596f92182625aa" logic_hash = "v1_sha256_29c894720c8d9134623427768ab1ab3d5e66fbeae86dd957f449d00091db9019" score = 75 
@@ -84503,8 +84503,8 @@ rule ELASTIC_Multi_Attacksimulation_Blindspot_D93F54C5 : FILE MEMORY date = "2022-05-23" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_AttackSimulation_Blindspot.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_AttackSimulation_Blindspot.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_41984a0ad20ab21186252bb2f3f68604d2cbeea0e1ce22895dd163f7acbf2ca1" score = 75 quality = 75 @@ -84531,8 +84531,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_B97Baf37 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Dropperl.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Dropperl.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "aff94f915fc81d5a2649ebd7c21ec8a4c2fc0d622ec9b790b43cc49f7feb83da" logic_hash = "v1_sha256_e58130c33242bc3020602c2c0254bed2bbc564c4a11806c6cfcd858fd724c362" score = 75 
@@ -84560,8 +84560,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_E2443Be5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Dropperl.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Dropperl.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "aff94f915fc81d5a2649ebd7c21ec8a4c2fc0d622ec9b790b43cc49f7feb83da" logic_hash = "v1_sha256_85733ff904cfa3eddaa4c4fbfc51c00494c3a3725e2eb722bbf33c82e7135336" score = 75 @@ -84589,8 +84589,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_683C2Ba1 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Dropperl.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Dropperl.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a02e166fbf002dd4217c012f24bb3a8dbe310a9f0b0635eb20a7d315049367e1" logic_hash = "v1_sha256_eef2bdef7e20633f7dc92f653b43e3a217e8cbdbac63d05540bdd520e22dd1ed" score = 75 
@@ -84618,8 +84618,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_8Bca73F6 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Dropperl.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Dropperl.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e7c17b7916b38494b9a07c249acb99499808959ba67125c29afec194ca4ae36c" logic_hash = "v1_sha256_2cfad4e436198391185fdae5c4af18ae43841db19da33473fdf18b64b0399613" score = 75 @@ -84647,8 +84647,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_C4018572 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Dropperl.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Dropperl.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c1515b3a7a91650948af7577b613ee019166f116729b7ff6309b218047141f6d" logic_hash = "v1_sha256_10d70540532c5c2984dc7e492672450924cb8f34c8158638191886057596b0a1" score = 75 
@@ -84676,8 +84676,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_733C0330 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Dropperl.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Dropperl.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b303f241a2687dba8d7b4987b7a46b5569bd2272e2da3e0c5e597b342d4561b6" logic_hash = "v1_sha256_37bf7777e26e556f09b8cb0e7e3c8425226a6412c3bed0d95fdab7229b6f4815" score = 75 @@ -84705,8 +84705,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_39F4Cd0D : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Dropperl.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Dropperl.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c08e1347877dc77ad73c1e017f928c69c8c78a0e3c16ac5455668d2ad22500f3" logic_hash = "v1_sha256_5b61f54604b110d2c8efaf1782a2e520baac96c6d3e8d1eda0877475c504bf89" score = 75 
@@ -84734,8 +84734,8 @@ rule ELASTIC_Macos_Trojan_Fplayer_1C1Fae37 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Fplayer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Fplayer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f57e651088dee2236328d09705cef5e98461e97d1eb2150c372d00ca7c685725" logic_hash = "v1_sha256_0d65717bdbac694ffb2535a1ff584f7ec2aa7b553a08d29113c6e2bd7b2ff1aa" score = 75 @@ -84763,8 +84763,8 @@ rule ELASTIC_Windows_Remoteadmin_Ultravnc_965F054A : FILE MEMORY date = "2023-03-18" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_RemoteAdmin_UltraVNC.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_RemoteAdmin_UltraVNC.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "59bddb5ccdc1c37c838c8a3d96a865a28c75b5807415fd931eaff0af931d1820" logic_hash = "v1_sha256_a9b9d0958f09b23fa7b27ef7ec32b3feb98edca3be5a21552a3a2f50e3fd41c1" score = 75 
@@ -84798,8 +84798,8 @@ rule ELASTIC_Linux_Trojan_Sambashell_F423755D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sambashell.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sambashell.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bd8a3728a59afbf433799578ef597b9a7211c8d62e87a25209398814851a77ea" logic_hash = "v1_sha256_b93c671fae87cd635679142d248cb2b754389ba3b416f3370ea331640eb906ab" score = 75 @@ -84827,8 +84827,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_196523Fa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Kinsing.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Kinsing.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_baa5808fcf22700ae96844dbf8cb3bec52425eec365d2ba4c71b73ece11a69a2" score = 75 quality = 75 
@@ -84855,8 +84855,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_7Cdbe9Fa : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Kinsing.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Kinsing.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6" logic_hash = "v1_sha256_c6f5d2cf0430301ec0eae57808100203b69428f258e0e6882fecbc762d73f4bf" score = 75 @@ -84884,8 +84884,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_2C1Ffe78 : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Kinsing.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Kinsing.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6" logic_hash = "v1_sha256_9561511710eef5877c5afa49890b77fbad31a6e312b5cd33fc01f91ff2a73583" score = 75 
@@ -84913,8 +84913,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_85276Fb4 : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Kinsing.yar#L60-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Kinsing.yar#L60-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6" logic_hash = "v1_sha256_6919afd133e7e369eece10ea79d9d17a1a3fbb6210593395e0be157f8c262811" score = 75 @@ -84942,8 +84942,8 @@ rule ELASTIC_Windows_Trojan_Falsefont_D1F0D357 : FILE MEMORY date = "2024-03-26" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_FalseFont.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_FalseFont.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "364275326bbfc4a3b89233dabdaf3230a3d149ab774678342a40644ad9f8d614" logic_hash = "v1_sha256_af356dec77f773cec01626a3823dbea7e9d3719b9d152ec4057c0b97efabf0df" score = 75 
@@ -84978,8 +84978,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_1897_6Cf0A073 : FILE MEMORY CVE_2009_1897 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2009_1897.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2009_1897.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "85f371bf73ee6d8fcb6fa9a8a68b38c5e023151257fd549855c4c290cc340724" logic_hash = "v1_sha256_dcde454fda09cb6bc7b213b76d70eafd65d2601cfda70ff25c6940b55ce3adb6" score = 75 @@ -85007,8 +85007,8 @@ rule ELASTIC_Linux_Trojan_Snowlight_F5C83D35 : FILE MEMORY date = "2024-05-16" modified = "2024-06-12" reference = "https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Snowlight.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Snowlight.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7d6652d8fa3748d7f58d7e15cefee5a48126d0209cf674818f55e9a68248be01" logic_hash = "v1_sha256_fef8f44e897a0f453be2f84d28886d27e261f8256c53c0425c5265b138ce5f40" score = 75 
@@ -85036,8 +85036,8 @@ rule ELASTIC_Linux_Ransomware_Conti_53A640F4 : FILE MEMORY date = "2022-09-22" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Conti.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Conti.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8b57e96e90cd95fc2ba421204b482005fe41c28f506730b6148bcef8316a3201" logic_hash = "v1_sha256_b83a47664d8acce7de17ac5972d9fd5e708c8cd3d8ebedc2bacf1397fd25f5d3" score = 75 @@ -85065,8 +85065,8 @@ rule ELASTIC_Linux_Ransomware_Conti_A89C26Cf : FILE MEMORY date = "2023-07-30" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Conti.yar#L21-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Conti.yar#L21-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "95776f31cbcac08eb3f3e9235d07513a6d7a6bf9f1b7f3d400b2cf0afdb088a7" logic_hash = "v1_sha256_301f3f3ece06a1cd6788db6e3003497b27470780eaaad95f40ed926e7623793e" score = 75 
@@ -85097,8 +85097,8 @@ rule ELASTIC_Linux_Hacktool_Fontonlake_68Ad8568 : FILE MEMORY date = "2021-10-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Fontonlake.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Fontonlake.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "717953f52318e7687fc95626561cc607d4875d77ff7e3cf5c7b21cf91f576fa4" logic_hash = "v1_sha256_63dd5769305c715e27e3c62160f7b0f65b57204009ed46383b5b477c67cfac8e" score = 75 @@ -85137,8 +85137,8 @@ rule ELASTIC_Windows_Trojan_Pony_D5516Fe8 : FILE MEMORY date = "2021-08-14" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Pony.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Pony.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567" logic_hash = "v1_sha256_4a850d32fb28477e7e3fef2dda6ba327b800e2ebcae1a483970cde78f34a4ff7" score = 75 
@@ -85172,8 +85172,8 @@ rule ELASTIC_Windows_Trojan_Twistedtinsel_Aa56E527 : FILE MEMORY date = "2023-12-06" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_TwistedTinsel.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_TwistedTinsel.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ef1cbdf9a23ae028a858e1d09529982eaeda61197ae029e091918690d3a86e2e" logic_hash = "v1_sha256_de31d0a5560baf6b37897eba3a637b00b539f542a2620983c3407a6898e003c7" score = 75 @@ -85202,8 +85202,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_100011_21025F50 : FILE MEMORY CVE_2017_10001 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2017_100011.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2017_100011.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "32db88b2c964ce48e6d1397ca655075ea54ce298340af55ea890a2411a67d554" logic_hash = "v1_sha256_3ec54a7639ccfc019e01fa287f69a93af57087e2d67d0c8574a646afb9043db5" score = 75 
@@ -85231,8 +85231,8 @@ rule ELASTIC_Windows_Vulndriver_Rentdrv_B6711B6B : FILE MEMORY date = "2024-08-19" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_RentDrv.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_RentDrv.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5" logic_hash = "v1_sha256_3b3d66fefb4f0efbc8b86687925eac25284a6efad3acc74ad4a627d975cd5e7b" score = 75 @@ -85261,8 +85261,8 @@ rule ELASTIC_Windows_Vulndriver_Rtcore_4Eeb2Ce5 : FILE date = "2022-04-04" modified = "2022-08-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_RtCore.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_RtCore.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd" logic_hash = "v1_sha256_f547bce6554c60e8f3ef8e128c05533cf1f35ce0ee414d5a1c5e9a205b05d8fe" score = 75 
@@ -85291,8 +85291,8 @@ rule ELASTIC_Windows_Trojan_Babylonrat_0F66E73B : FILE MEMORY date = "2021-09-02" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Babylonrat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Babylonrat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4278064ec50f87bb0471053c068b13955ed9d599434e687a64bf2060438a7511" logic_hash = "v1_sha256_66223dc9e2ef7330e26c91f0c82c555e96e4c794a637ab2cbe36410f3eca202a" score = 75 @@ -85323,8 +85323,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_D7Bd0E5D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "afcfd67af99e437f553029ccf97b91ed0ca891f9bcc01c148c2b38c75482d671" logic_hash = "v1_sha256_1f87721fdfe58d029c0696bc99385a0052c771bc48b2c9ce01b72c3e42359654" score = 75 
@@ -85352,8 +85352,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_69E1A763 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b04d9fabd1e8fc42d1fa8e90a3299a3c36e6f05d858dfbed9f5e90a84b68bcbb" logic_hash = "v1_sha256_d0dac8e2c9571d9e622c8c1250a54a7671ad1b9b00dba584c3741b714c22d8e0" score = 75 @@ -85381,8 +85381,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_397A86Bd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "79c47a80ecc6e0f5f87749319f6d5d6a3f0fbff7c34082d747155b9b20510cde" logic_hash = "v1_sha256_6b46a82d1aea0357f5a48c9ae1d93e3d4d31bd98b9c9b4e0b0d0629e7f159499" score = 75 
@@ -85410,8 +85410,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_37C3F8D3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "efbddf1020d0845b7a524da357893730981b9ee65a90e54976d7289d46d0ffd4" logic_hash = "v1_sha256_e7bdd185ea4227b0960c3e677e7d8ac7488d53eaa77efd631be828b2ca079bb8" score = 75 @@ -85439,8 +85439,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_28A80546 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "96cc225cf20240592e1dcc8a13a69f2f97637ed8bc89e30a78b8b2423991d850" logic_hash = "v1_sha256_120e9f7cad0fc8aebd843374c0edca8cbb701882ab55a7f24aced1d80d8cd697" score = 75 
@@ -85468,8 +85468,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9D531F70 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "36f2ce4e34faf42741f0a15f62e8b3477d69193bf289818e22d0e3ee3e906eb0" logic_hash = "v1_sha256_87d3cb7049975d52f2a6d6aa10e6b6d0d008d166ca5f9889ad1413a573d8b58e" score = 75 @@ -85497,8 +85497,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_23A5C29A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1320d7a2b5e3b65fe974a95374b4ea7ed1a5aa27d76cd3d9517d3a271121103f" logic_hash = "v1_sha256_c2608e7ee73102e0737a859a18c5482877c6dc0e597d8a14d8d41f5e01a0b1f4" score = 75 
@@ -85526,8 +85526,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Ea5703Ce : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bec6eea63025e2afa5940d27ead403bfda3a7b95caac979079cabef88af5ee0b" logic_hash = "v1_sha256_bbf0191ecff24fd24376fd3dec2e96644188ca4d26b4ca4f087e212bae2eab85" score = 75 @@ -85555,8 +85555,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_6A4F4255 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80" logic_hash = "v1_sha256_133290dc7423174bb3b41b152bab038d118b47baaca52705b66fd9be01692a03" score = 75 
@@ -85584,8 +85584,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9088D00B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8abb2b058ec475b0b6fd0c994685db72e98d87ee3eec58e29cf5c324672df04a" logic_hash = "v1_sha256_3ebc8cb6d647138e72194528dafc644c90222440855d657ec50109f11ff936da" score = 75 @@ -85613,8 +85613,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_71024C4A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "afe81c84dcb693326ee207ccd8aeed6ed62603ad3c8d361e8d75035f6ce7c80f" logic_hash = "v1_sha256_0c66a3388fe8546ae180e52d50ef05a28755d24e47b3b56f390d5c6fcb0b89eb" score = 75 
@@ -85642,8 +85642,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_D81368A3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "71225e4702f2e0a0ecf79f7ec6c6a1efc95caf665fda93a646519f6f5744990b" logic_hash = "v1_sha256_0e30c9ebd8f2d3a489180f114daf91a3655ce9075ae25ea3d6ef5be472d7721a" score = 75 @@ -85671,8 +85671,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_97E9Cebe : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b4ff62d92bd4d423379f26b37530776b3f4d927cc8a22bd9504ef6f457de4b7a" logic_hash = "v1_sha256_8aad31db2646fb9971b9af886e30f6c5a62a9c7de86cb9dc9e1341ac3b7762eb" score = 75 
@@ -85700,8 +85700,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_98Ff0F36 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4c14aaf05149bb38bbff041432bf9574dd38e851038638aeb121b464a1e60dcc" logic_hash = "v1_sha256_60f17855b08cfc51e497003cbb5ed25d9168fb29c57d8bfd7105b9b5e714e3a1" score = 75 @@ -85729,8 +85729,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1512Cf40 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fc063a0e763894e86cdfcd2b1c73d588ae6ecb411c97df2a7a802cd85ee3f46d" logic_hash = "v1_sha256_0d43e6a4bd5036c2b6adb61f2d7b11e625c20e9a3d29242c7c34cfc7708561be" score = 75 
@@ -85758,8 +85758,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_0D6005A1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L301-L319" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L301-L319" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "230d46b39b036552e8ca6525a0d2f7faadbf4246cdb5e0ac9a8569584ef295d4" logic_hash = "v1_sha256_c3fd32e7582f0900b94fe3ba6b6bcdf238f78e2e343d70d5b0196a968a41cf26" score = 75 @@ -85787,8 +85787,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E1Ff020A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L321-L339" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L321-L339" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5b611898f1605751a3d518173b5b3d4864b4bb4d1f8d9064cc90ad836dd61812" logic_hash = "v1_sha256_be801989b9770f3b70217bd5f13795b5dd0b516209f631d900b6647e0afe8d98" score = 75 
@@ -85816,8 +85816,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_102D6F7C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L341-L359" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L341-L359" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bd40c2fbf775e3c8cb4de4a1c7c02bc4bcfa5b459855b2e5f1a8ab40f2fb1f9e" logic_hash = "v1_sha256_52966eaaef5522e711dc89bd796b1e12019a8485ee789e8d5112d86f7e630170" score = 75 @@ -85845,8 +85845,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9C8F3B1A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L361-L379" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L361-L379" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "74d8344139c5deea854d8f82970e06fc6a51a6bf845e763de603bde7b8aa80ac" logic_hash = "v1_sha256_f7ab9990b417c1c81903dcb7adaae910d20ea7fce6689d4846dd6002bea3e721" score = 75 
@@ -85874,8 +85874,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_76Cb94A9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L381-L399" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L381-L399" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1320d7a2b5e3b65fe974a95374b4ea7ed1a5aa27d76cd3d9517d3a271121103f" logic_hash = "v1_sha256_758ee41048c94576e7a872bfdacc6b6f2be3d460169905c876585037e11fdaa8" score = 75 @@ -85903,8 +85903,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_616Afaa1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L401-L419" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L401-L419" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0901672d2688660baa26fdaac05082c9e199c06337871d2ae40f369f5d575f71" logic_hash = "v1_sha256_53a309a6a274558e4ae8cfa8f3e258f23dc9ceafab3be46351c00d24f5d790ec" score = 75 
@@ -85932,8 +85932,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_18Af74B2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L421-L439" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L421-L439" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "52707aa413c488693da32bf2705d4ac702af34faee3f605b207db55cdcc66318" logic_hash = "v1_sha256_d8ec9bd01fcabdd4a80e07287ecc85026007672bbc3cd2d4cbb2aef98da88ed5" score = 75 @@ -85961,8 +85961,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1B76C066 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L441-L459" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L441-L459" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f60302de1a0e756e3af9da2547a28da5f57864191f448e341af1911d64e5bc8b" logic_hash = "v1_sha256_be239bc14d1adf05a5c6bf2b2557551566330644a049b256a7a5c0ab9549bd06" score = 75 
@@ -85990,8 +85990,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B6Ea5Ee1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L461-L479" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L461-L479" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "19b442c9aa229cd724ed9cbaa73f9dfaf0ed61aa3fd1bee7bf8ba964fc23a2b8" logic_hash = "v1_sha256_529119e07aa0243afddc3141dc441c314c3f75bdf3aee473b8bb7749c95fa78a" score = 75 @@ -86019,8 +86019,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_050Ac14C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L481-L499" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L481-L499" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "36f2ce4e34faf42741f0a15f62e8b3477d69193bf289818e22d0e3ee3e906eb0" logic_hash = "v1_sha256_c34b0ff3ce867a76ef57fad7642de7916fa7baebf1a2a8d514f7b74be7231fd4" score = 75 
@@ -86048,8 +86048,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Df937Caa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L501-L519" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L501-L519" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "19b442c9aa229cd724ed9cbaa73f9dfaf0ed61aa3fd1bee7bf8ba964fc23a2b8" logic_hash = "v1_sha256_d76a6008576687088f28674fb752e1a79ad2046e0208a65c21d0fcd284812ad8" score = 75 @@ -86077,8 +86077,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E9Ff82A8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L521-L539" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L521-L539" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "62ea137e42ce32680066693f02f57a0fb03483f78c365dffcebc1f992bb49c7a" logic_hash = "v1_sha256_9309aaad6643fa212bb04ce8dc7d24978839fe475f17d36e3b692320563b6fad" score = 75 
@@ -86106,8 +86106,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_A5267Ea3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L541-L559" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L541-L559" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b342ceeef58b3eeb7a312038622bcce4d76fc112b9925379566b24f45390be7d" logic_hash = "v1_sha256_081633b5aa0490dbffcc0b8ab9850b59dbbd67d947c0fe68d28338a352e94676" score = 75 @@ -86135,8 +86135,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_4E9075E6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L561-L579" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L561-L579" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "098bf2f1ce9d7f125e1c9618f349ae798a987316e95345c037a744964277f0fe" logic_hash = "v1_sha256_fe117f65666b9eac19fa588ee631f9be7551a3a9e3695b7ecbb77806658678aa" score = 75 
@@ -86164,8 +86164,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_3A8D0974 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "193fe9ea690759f8e155458ef8f8e9efe9efc8c22ec8073bbb760e4f96b5aef7" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L581-L599" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L581-L599" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_7039d461d8339d635a543fae2c6dbea284ce1b727d6585b69d8d621c603f37ac" score = 75 quality = 75 @@ -86192,8 +86192,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B9E6Ffdf : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L601-L619" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L601-L619" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c0f3200a93f1be4589eec562c4f688e379e687d09c03d1d8850cc4b5f90f192a" logic_hash = "v1_sha256_57d5b3eb5812a849d04695bdb1fb728a5ebd3bf5201ac3e7f36d37af0622eec2" score = 75 
@@ -86221,8 +86221,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_7Ef74003 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L621-L639" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L621-L639" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a172cfecdec8ebd365603ae094a16e247846fdbb47ba7fd79564091b7e8942a0" logic_hash = "v1_sha256_1bde07dbb88357fcc02171512725be94d9fc0427c03afb2d59fbd0658c5d8e2e" score = 75 @@ -86250,8 +86250,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1D0700B8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L641-L659" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L641-L659" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "de59bee1793b88e7b48b6278a52e579770f5204e92042142cc3a9b2d683798dd" logic_hash = "v1_sha256_a24264cb071d269c82718aed5bc5c6c955e1cb2c7a63fe74d4033bfa6adf8385" score = 75 
@@ -86279,8 +86279,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_55Beb2Ee : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L661-L679" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L661-L679" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "edda1c6b3395e7f14dd201095c1e9303968d02c127ff9bf6c76af6b3d02e80ad" logic_hash = "v1_sha256_8a31b4866100b35d559d50f5db6f80d51bced93f9aac3f0d2d1de71ba692a3c5" score = 75 @@ -86308,8 +86308,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Fdd7340F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L681-L699" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L681-L699" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "de59bee1793b88e7b48b6278a52e579770f5204e92042142cc3a9b2d683798dd" logic_hash = "v1_sha256_fd39ba5cf050d23de0889feefa9cd74dfb6385a09aa9dba90dc1d5d6cb020867" score = 75 
@@ -86337,8 +86337,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E36A35B0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L701-L719" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L701-L719" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ab6d8f09df67a86fed4faabe4127cc65570dbb9ec56a1bdc484e72b72476f5a4" logic_hash = "v1_sha256_0572f584746a2af6f545798b25445fd4e764a9eecc01b7476e5c1af631eb314a" score = 75 @@ -86366,8 +86366,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_6Dad0380 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L721-L739" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L721-L739" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "628b1cc8ccdbe2ae0d4ef621da047e07e2532d00fe3d4da65f0a0bcab20fb546" logic_hash = "v1_sha256_b305448d5517212adb7586e7af12842095e1a263520511329e40f0865fe4f81b" score = 75 
@@ -86395,8 +86395,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E73F501E : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L741-L759" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L741-L759" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2f646ced4d05ba1807f8e08a46ae92ae3eea7199e4a58daf27f9bd0f63108266" logic_hash = "v1_sha256_2f6187f3447f9409485e9e8aa047114aa3c38bcc338106c3ed8680152dff121a" score = 75 @@ -86424,8 +86424,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_5E56D076 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L761-L779" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L761-L779" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "32e1cb0369803f817a0c61f25ca410774b4f37882cab966133b4f3e9c74fac09" logic_hash = "v1_sha256_c8e2ebcffe8a169c2cc311c95538b674937fa87e06d2946a6ed3b0c1f039f7fc" score = 75 
@@ -86453,8 +86453,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_54357231 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L781-L799" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L781-L799" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "388b927b850b388e0a46a6c9a22b733d469e0f93dc053ebd78996e903b25e38a" logic_hash = "v1_sha256_a895c9fd124d6bd55748093c3ef54606e5692285260aa21bd70dca02126239d2" score = 75 @@ -86482,8 +86482,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_467C4D46 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L801-L819" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L801-L819" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "388b927b850b388e0a46a6c9a22b733d469e0f93dc053ebd78996e903b25e38a" logic_hash = "v1_sha256_b28f871365c1fa6315b1c2fc6698bdd224961972cd578db05c311406c239ac22" score = 75 
@@ -86511,8 +86511,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E0Cca9Dc : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L821-L839" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L821-L839" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "59a1d8aa677739f2edbb8bd34f566b31f19d729b0a115fef2eac8ab1d1acc383" logic_hash = "v1_sha256_fa4089f74fc78e99427b4e8eda9f8348e042dc876c7281a4a2173c83076bfbd2" score = 75 @@ -86540,8 +86540,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_36E404E2 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L841-L859" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L841-L859" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "59a1d8aa677739f2edbb8bd34f566b31f19d729b0a115fef2eac8ab1d1acc383" logic_hash = "v1_sha256_d38cc5714721c0b00cfa47cb9828fd76ff57ec8180e5cfe1fec67a092dd87904" score = 75 
@@ -86569,8 +86569,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_947Dcc5E : FILE MEMORY date = "2024-04-19" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L861-L879" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L861-L879" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7c5a6ac425abe60e8ea5df5dfa8211a7c34a307048b4e677336b735237dcd8fd" logic_hash = "v1_sha256_c4aac006561386fbfe0fa0fe3df6b6798d2915a3dbfb5384583ebf9b2f413115" score = 75 @@ -86598,8 +86598,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B4C2D007 : FILE MEMORY date = "2024-04-19" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Generic.yar#L881-L899" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Generic.yar#L881-L899" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e1e518ba226d30869e404b92bfa810bae27c8b1476766934961e80c44e39c738" logic_hash = "v1_sha256_cb52d9233028918210b8bd3959a6649d75b5c6873befff0cf62d9e71dfecc302" score = 75 
@@ -86627,8 +86627,8 @@ rule ELASTIC_Windows_Vulndriver_Vmdrv_7C674F8E : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Vmdrv.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Vmdrv.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351" logic_hash = "v1_sha256_87f29b861d5239c60e44541fe31ed90696068225b1b6d824dc9b06fcdb1597ae" score = 75 @@ -86658,8 +86658,8 @@ rule ELASTIC_Windows_Hacktool_Sharphound_5Adf9D6D : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpHound.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpHound.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1f74ed6e61880d19e53cde5b0d67a0507bfda0be661860300dcb0f20ea9a45f4" logic_hash = "v1_sha256_2c9f38187866985109a42ffdf8940b5d195aadd3815b2de952b190d4b0b95c3c" score = 75 
@@ -86691,8 +86691,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_4E31426E : FILE MEMORY date = "2021-07-21" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Smokeloader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Smokeloader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174" logic_hash = "v1_sha256_44ac7659964519ae72f83076bcd1b3e5244eb9cadd9a3b123dda78b0e9e07424" score = 75 @@ -86720,8 +86720,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_4Ee15B92 : FILE MEMORY date = "2022-02-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Smokeloader.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Smokeloader.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "09b9283286463b35ea2d5abfa869110eb124eb8c1788eb2630480d058e82abf2" logic_hash = "v1_sha256_7d5ba6a4cc1f1b87f7ea1963b41749f5488197ea28b31f20a235091236250463" score = 75 
@@ -86749,8 +86749,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_Ea14B2A5 : FILE MEMORY date = "2023-05-03" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Smokeloader.yar#L41-L60" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Smokeloader.yar#L41-L60" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "15fe237276b9c2c6ceae405c0739479d165b406321891c8a31883023e7b15d54" logic_hash = "v1_sha256_8a96985902f82979f1512d4d30cfa41fd23562b8f86bf2f722351ef2adf4365f" score = 75 @@ -86779,8 +86779,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_De52Ed44 : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Smokeloader.yar#L62-L81" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Smokeloader.yar#L62-L81" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c689a384f626616005d37a94e6a5a713b9eead1b819a238e4e586452871f6718" logic_hash = "v1_sha256_95a60079a316016ca3f78f18e7920b962f5770bef4211dd70e37f45bbe069406" score = 75 
@@ -86809,8 +86809,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_Bf391Fe0 : FILE MEMORY date = "2024-08-27" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Smokeloader.yar#L83-L102" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Smokeloader.yar#L83-L102" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fe2489230d024f5e0e7d0da0210f93e70248dc282192c092cbb5e0eddc7bd528" logic_hash = "v1_sha256_8a697596f8aa9a2af230b294c64ee844fcb593814a070ebf10e084c18e7f5ac7" score = 75 @@ -86839,8 +86839,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_A01Aa3Ab : FILE MEMORY date = "2024-08-27" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Smokeloader.yar#L104-L123" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Smokeloader.yar#L104-L123" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3a189a736cfdfbb1e3789326c35cecfa901a2adccc08c66c5de1cac8e4c1791b" logic_hash = "v1_sha256_385f93a98e71f8e78e2f916775bd8db182842c8439a2f15238780388b63e2e91" score = 75 
@@ -86869,8 +86869,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_62Eb5427 : FILE MEMORY date = "2024-08-27" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Smokeloader.yar#L125-L145" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Smokeloader.yar#L125-L145" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "21e7fcce8ffb7826108800b6aee21d6b8ea9275975b639ed5ca9f8ddd747329e" logic_hash = "v1_sha256_e3c70731792a8fbf0b08443f6df3c42f44a548fa9d19be7ee98c677952600e5b" score = 75 @@ -86900,8 +86900,8 @@ rule ELASTIC_Windows_Trojan_Raspberryrobin_4B4D6899 : FILE MEMORY date = "2023-12-13" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_RaspberryRobin.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_RaspberryRobin.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2f0451f38adb74cb96c857de455887b00c5038b68210294c7f52b0b5ff64cc1e" logic_hash = "v1_sha256_bbafad9509b367e811e86cb8f2f64d9c1d59f82b5cd58a7af43325bb7fa9d9c3" score = 75 
@@ -86929,8 +86929,8 @@ rule ELASTIC_Linux_Trojan_Azeela_Aad9D6Cc : FILE MEMORY date = "2021-01-12" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Azeela.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Azeela.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6c476a7457ae07eca3d3d19eda6bb6b6b3fa61fa72722958b5a77caff899aaa6" logic_hash = "v1_sha256_8cd3c383ac2149e0cd18589bf838848d81b5ff72e3123a8b523ee2467023a8f6" score = 75 @@ -86959,8 +86959,8 @@ rule ELASTIC_Linux_Trojan_Xpmmap_7Dcc3534 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Xpmmap.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Xpmmap.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "765546a981921187a4a2bed9904fbc2ccb2a5876e0d45c72e79f04a517c1bda3" logic_hash = "v1_sha256_f88cc0f02797651e8cdf8e25b67a92f7825ec616b79df21daae798b613baf334" score = 75 
@@ -86988,8 +86988,8 @@ rule ELASTIC_Windows_Vulndriver_Ccprotect_0D3Ee86F : FILE MEMORY date = "2024-09-09" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_CCProtect.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_CCProtect.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5f0cfe8357bb52b45068ddbac053e32bc38e6cb5e086746f5402657b0a5cfb1c" logic_hash = "v1_sha256_4da5cf6b5cd00f8f7ba6daf8e8b4c6161cf9e0166dea39943b32a54f35dfd6c2" score = 75 @@ -87019,8 +87019,8 @@ rule ELASTIC_Linux_Trojan_Shellbot_65Aa6568 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Shellbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Shellbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "457d1f4e1db41a9bdbfad78a6815f42e45da16ad0252673b9a2b5dcefc02c47b" logic_hash = "v1_sha256_46558801151ddc2f25bf46a278719f027acca2a18d2a9fcb275f4d787fbb1f0b" score = 75 
@@ -87048,8 +87048,8 @@ rule ELASTIC_Linux_Trojan_Nuker_12F26779 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Nuker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Nuker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "440105a62c75dea5575a1660fe217c9104dc19fb5a9238707fe40803715392bf" logic_hash = "v1_sha256_8bafbc2792bd4cacd309efd72d2d8787342685d66785ea41cb57c91519a3c545" score = 75 @@ -87077,8 +87077,8 @@ rule ELASTIC_Windows_Ransomware_Wannacry_D9855102 : FILE MEMORY date = "2022-08-29" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_WannaCry.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_WannaCry.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0b7878babbaf7c63d808f3ce32c7306cb785fdfb1ceb73be07fb48fdd091fdfb" logic_hash = "v1_sha256_5edf6a42c9f20de3819b46f24be243940b79e7e9004fee3d601794ea0b534cf1" score = 75 
@@ -87113,8 +87113,8 @@ rule ELASTIC_Linux_Virus_Staffcounter_D2D608A8 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "06e562b54b7ee2ffee229c2410c9e2c42090e77f6211ce4b9fa26459ff310315" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Virus_Staffcounter.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Virus_Staffcounter.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_e30f1312eb1cbbc4faba3f67527a4e0e955b5684a1ba58cdd82a7a0f1ce3d2b9" score = 75 quality = 75 @@ -87141,8 +87141,8 @@ rule ELASTIC_Linux_Ransomware_Ragnarlocker_9F5982B8 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_RagnarLocker.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_RagnarLocker.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f668f74d8808f5658153ff3e6aee8653b6324ada70a4aa2034dfa20d96875836" logic_hash = "v1_sha256_c08579dc675a709add392a0189d01e05af61034b72f451d2b024c89c1299ee6c" score = 75 
@@ -87172,8 +87172,8 @@ rule ELASTIC_Windows_Ransomware_Royal_B7D42109 : FILE MEMORY date = "2022-11-04" modified = "2022-12-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Royal.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Royal.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "491c2b32095174b9de2fd799732a6f84878c2e23b9bb560cd3155cbdc65e2b80" logic_hash = "v1_sha256_06f4a1487e97e0b8c1f5df380ab4f90b37ef0a508aba7dac272c16c8371d8143" score = 75 @@ -87204,8 +87204,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_89E64044 : FILE MEMORY date = "2021-08-06" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Lockbit.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Lockbit.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0d6524b9a1d709ecd9f19f75fa78d94096e039b3d4592d13e8dbddf99867182d" logic_hash = "v1_sha256_bd504b078704b9f307a50c8556c143eee061015a9727670137aadc47ae93e2a6" score = 75 
@@ -87235,8 +87235,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_A1C60939 : FILE MEMORY date = "2021-08-06" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Lockbit.yar#L23-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Lockbit.yar#L23-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0d6524b9a1d709ecd9f19f75fa78d94096e039b3d4592d13e8dbddf99867182d" logic_hash = "v1_sha256_6e6d88251e93f69788ad22fc915133f3ba0267984d6a5004d5ca44dcd9f5f052" score = 75 @@ -87264,8 +87264,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_369E1E94 : FILE MEMORY date = "2022-07-05" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Lockbit.yar#L43-L67" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Lockbit.yar#L43-L67" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee" logic_hash = "v1_sha256_c34dafc024d85902b85fc3424573abb8781d6fab58edd86c255266db3635ce98" score = 75 
@@ -87299,8 +87299,8 @@ rule ELASTIC_Windows_Ransomware_Darkside_D7Fc4594 : FILE MEMORY date = "2021-05-20" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Darkside.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Darkside.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893" logic_hash = "v1_sha256_0083fb64955973e7dbbb35d08cb780fa0b4ff4d064c102dc8f86e29af8358bad" score = 75 @@ -87328,8 +87328,8 @@ rule ELASTIC_Windows_Ransomware_Darkside_Aceac5D9 : FILE MEMORY date = "2021-05-20" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Darkside.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Darkside.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893" logic_hash = "v1_sha256_888ab06b55b07879ee6b9a45c04f1a09c570aeb4be55c698300566d57fd47252" score = 75 
@@ -87357,8 +87357,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_1388212A : FILE MEMORY date = "2021-04-13" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Mimikatz.yar#L1-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Mimikatz.yar#L1-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "66b4a0681cae02c302a9b6f1d611ac2df8c519d6024abdb506b4b166b93f636a" logic_hash = "v1_sha256_1b717453810455e3f530e399f5f9f163d1ad0d71a5464fa5c68aa82edd699cda" score = 75 @@ -87410,8 +87410,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_674Fd079 : FILE MEMORY date = "2021-04-14" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Mimikatz.yar#L45-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Mimikatz.yar#L45-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "66b4a0681cae02c302a9b6f1d611ac2df8c519d6024abdb506b4b166b93f636a" logic_hash = "v1_sha256_f63f3de05dd4f4f40cda6df67b75e37d7baa82c4b4cafd3ebdca35adfb0b15f8" score = 75 
@@ -87453,8 +87453,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_355D5D3A : FILE MEMORY date = "2021-04-14" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Mimikatz.yar#L79-L112" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Mimikatz.yar#L79-L112" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "945245ca795e0a3575ee4fdc174df9d377a598476c2bf4bf0cdb0cde4286af96" logic_hash = "v1_sha256_c6b48ab2cc92deb507d7eead1fb6381ee40b698e84d9eaac45288f95dbda66b3" score = 75 @@ -87497,8 +87497,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_71Fe23D9 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Mimikatz.yar#L114-L133" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Mimikatz.yar#L114-L133" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "856687718b208341e7caeea2d96da10f880f9b5a75736796a1158d4c8755f678" logic_hash = "v1_sha256_6d1e84bb8532c6271ad3966055eac8d60ec019d8ae6632efb59463c35b46ad9b" score = 75 
@@ -87527,8 +87527,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_B393864F : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Mimikatz.yar#L135-L154" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Mimikatz.yar#L135-L154" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8206ce9c42582ac980ff5d64f8e3e310bc2baa42d1a206dd831c6ab397fbd8fe" logic_hash = "v1_sha256_d09cb7f753675e0b6ecd8a7977ca7f8d313e5d525f05170fc54b265c2ae6c188" score = 75 @@ -87557,8 +87557,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_1Ff74F7E : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Mimikatz.yar#L156-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Mimikatz.yar#L156-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1b6aad500d45de7b076942d31b7c3e77487643811a335ae5ce6783368a4a5081" logic_hash = "v1_sha256_f47f760b4c373a073399c69681e76eb9dde6cfdb36c1cc31d7131376493931c0" score = 75 
@@ -87587,8 +87587,8 @@ rule ELASTIC_Windows_Vulndriver_Hpportio_B31E3473 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_HpPortIo.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_HpPortIo.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5" logic_hash = "v1_sha256_e449b45f3cf2836254614bbdc957aa7093162fc1acd672edd931d5f240503963" score = 75 @@ -87618,8 +87618,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2698_12374E97 : FILE MEMORY CVE_2009_2698 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "656fddc1bf4743a08a455628b6151076b81e604ff49c93d797fa49b1f7d09c2f" logic_hash = "v1_sha256_ed86a239b909681f2ab3503cfedf202dbe5f53a6f554cf4db13f08bee625c0b7" score = 75 
@@ -87647,8 +87647,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2698_Cc04Dddd : FILE MEMORY CVE_2009_2698 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "502b73ea04095e8a7ec4e8d7cc306242b45850ad28690156754beac8cd8d7b2d" logic_hash = "v1_sha256_68daa56ca98cc8f713faa138432190d19c27f07b2182a1f82347a3bfc5821ebb" score = 75 @@ -87676,8 +87676,8 @@ rule ELASTIC_Linux_Trojan_Morpes_D2Ae1Edf : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Morpes.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Morpes.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "14c4c297388afe4be47be091146aea6c6230880e9ea43759ef29fc1471c4b86b" logic_hash = "v1_sha256_27eb8b4d0f91477c2ac26a5e25bfc52903faf5501300ec40773d3fc6797c3218" score = 75 
@@ -87705,8 +87705,8 @@ rule ELASTIC_Windows_Trojan_Tofsee_26124Fe4 : FILE MEMORY date = "2022-03-31" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Tofsee.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Tofsee.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494" logic_hash = "v1_sha256_e765953dec7c7b2a1fbebf92c2fff46453c8258722ad5ca92ba4c7526a8b0c66" score = 75 @@ -87735,8 +87735,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_D6Cc23Af : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Biostar.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Biostar.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8" logic_hash = "v1_sha256_6a1f5de3a0daf446ceb812a9f5749410a3a7752dce44e935adc288c95816f59d" score = 75 
@@ -87766,8 +87766,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_68682378 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Biostar.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Biostar.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a" logic_hash = "v1_sha256_8510de6fc33bde153f3bd4d1bb8b0d98ce69aae479d242c6043ac8c712dbb888" score = 75 @@ -87797,8 +87797,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_684A5123 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Biostar.yar#L45-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Biostar.yar#L45-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e" logic_hash = "v1_sha256_7c0c7e14f9b5085a87e5dbe27feb8e49bdb4d2fdcfbcbc643999d7969d118240" score = 75 
@@ -87828,8 +87828,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_E0B6Cf55 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Biostar.yar#L67-L85" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Biostar.yar#L67-L85" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e" logic_hash = "v1_sha256_dccbf6fa46de1a8bc6438578b651055e2d02d15bd04461be74059e6fde40fca3" score = 75 @@ -87857,8 +87857,8 @@ rule ELASTIC_Windows_Ransomware_Conti_89F3F6Fa : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Conti.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Conti.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe" logic_hash = "v1_sha256_4c1834e45d5e42f466249b75a89561ce1e88b9e3c07070e2833d4897fbed22ee" score = 75 
@@ -87886,8 +87886,8 @@ rule ELASTIC_Macos_Backdoor_Keyboardrecord_832F7Bac : FILE date = "2021-11-11" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Backdoor_Keyboardrecord.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Backdoor_Keyboardrecord.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "570cd76bf49cf52e0cb347a68bdcf0590b2eaece134e1b1eba7e8d66261bdbe6" logic_hash = "v1_sha256_5719681d50134edacb5341034314c33ed27e9325de0ae26b2a01d350429c533b" score = 75 @@ -87919,8 +87919,8 @@ rule ELASTIC_Windows_Trojan_Sadbridge_6E83Eaeb : FILE MEMORY date = "2024-11-05" modified = "2024-12-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SadBridge.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SadBridge.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b432cdd217b171f3ad4a8a959fa0357bd7917f078a9546aed1649af00fc4bda6" logic_hash = "v1_sha256_5883675a7c6f0271f26d70031a48ed59504ef4f01826e978124ab4876d23cbf2" score = 75 
@@ -87948,8 +87948,8 @@ rule ELASTIC_Windows_Hacktool_Sleepobfloader_460A1A75 : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SleepObfLoader.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SleepObfLoader.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "84b3bc58ec04ab272544d31f5e573c0dd7812b56df4fa445194e7466f280e16d" logic_hash = "v1_sha256_c0bc1b7ef71c1a91fc487f904315c6f187530ab39825f90f55ac36625d5b93cf" score = 75 @@ -87979,8 +87979,8 @@ rule ELASTIC_Windows_Vulndriver_Tmcomm_333F3851 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_TmComm.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_TmComm.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64" logic_hash = "v1_sha256_a4464fb7edbacb6d9c8d6b385f9cc28685f0bed40876eecd5a7c87e0707e3025" score = 75 
@@ -88010,8 +88010,8 @@ rule ELASTIC_Windows_Vulndriver_Fiddrv_E7875A5A : FILE date = "2023-07-25" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_FidDrv.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_FidDrv.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4bf4cced4209c73aa37a9e2bf9ff27d458d8d7201eefa6f6ad4849ee276ad158" logic_hash = "v1_sha256_aa1635c651c8364ad2ee93b369dd583fce699001d753e46de013c476d185eef1" score = 75 @@ -88043,8 +88043,8 @@ rule ELASTIC_Windows_Trojan_Netwire_6A7Df287 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Netwire.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Netwire.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e6f446dbefd4469b6c4d24988dd6c9ccd331c8b36bdbc4aaf2e5fc49de2c3254" logic_hash = "v1_sha256_d5f36e2a81cf0a9037267d39266b4c31ca9c07b05fb9772e296aeac2da6051a5" score = 75 
@@ -88072,8 +88072,8 @@ rule ELASTIC_Windows_Trojan_Netwire_1B43Df38 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Netwire.yar#L22-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Netwire.yar#L22-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e6f446dbefd4469b6c4d24988dd6c9ccd331c8b36bdbc4aaf2e5fc49de2c3254" logic_hash = "v1_sha256_bb0eb1c1969bc1416e933822843293c5d41bf9bc3d402fa5dbdc3cdf2f4b394a" score = 75 @@ -88103,8 +88103,8 @@ rule ELASTIC_Windows_Trojan_Netwire_F85E4Abc : FILE MEMORY date = "2022-08-14" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Netwire.yar#L45-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Netwire.yar#L45-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ab037c87d8072c63dc22b22ff9cfcd9b4837c1fee2f7391d594776a6ac8f6776" logic_hash = "v1_sha256_af8fc8fff2e1a0b6c87ac6d24fecf2e1cefe6313ec66da13fddd1be25c1c3d92" score = 75 
@@ -88132,8 +88132,8 @@ rule ELASTIC_Windows_Trojan_Netwire_F42Cb379 : FILE MEMORY date = "2022-08-14" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Netwire.yar#L66-L90" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Netwire.yar#L66-L90" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ab037c87d8072c63dc22b22ff9cfcd9b4837c1fee2f7391d594776a6ac8f6776" logic_hash = "v1_sha256_fc1436596987d3971a464e707ee6fd5689e7d2800df471c125c1e3f748537f5d" score = 75 @@ -88166,8 +88166,8 @@ rule ELASTIC_Windows_Exploit_Rpcjunction_0405253B : FILE date = "2024-02-28" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Exploit_RpcJunction.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Exploit_RpcJunction.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "05588fe3d2aae1273e9d0b0ac00c867d92bcdea41c33661760dcbe84439e7949" logic_hash = "v1_sha256_c663285d81e00bf6b028cdb043da3c6d5033a0c100d9c626acfa26d67bc1c093" score = 75 
@@ -88197,8 +88197,8 @@ rule ELASTIC_Windows_PUP_Veriato_Fae5978C : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_PUP_Veriato.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_PUP_Veriato.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "53f09e60b188e67cdbf28bda669728a1f83d47b0279debf3d0a8d5176479d17f" logic_hash = "v1_sha256_8ae6f8b2b6e3849b33e6a477af52982efe137d7ebeff0c92cee5667d75f05145" score = 75 @@ -88228,8 +88228,8 @@ rule ELASTIC_Windows_Hacktool_Sharpersist_06606812 : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharPersist.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharPersist.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e9711f47cf9171f79bf34b342279f6fd9275c8ae65f3eb2c6ebb0b8432ea14f8" logic_hash = "v1_sha256_ddabfb54422f6fb2ad6999b724b1d8f186adf71f96f01a8770715029529e869a" score = 75 
@@ -88261,8 +88261,8 @@ rule ELASTIC_Windows_Trojan_Lurker_0Ee51802 : FILE date = "2022-04-04" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Lurker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Lurker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5718fd4f807e29e48a8b6a6f4484426ba96c61ec8630dc78677686e0c9ba2b87" logic_hash = "v1_sha256_782926c927dce82b95e51634d5607c474937e1edc0f7f739acefa0f4c03aa753" score = 75 @@ -88290,8 +88290,8 @@ rule ELASTIC_Linux_Ransomware_Echoraix_Ea9532Df : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_EchoRaix.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_EchoRaix.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dfe32d97eb48fb2afc295eecfda3196cba5d27ced6217532d119a764071c6297" logic_hash = "v1_sha256_4944f5a2632bfe0abebfa6f658ed3f71e4d97efcb428ed0987e2071dfd66e6a9" score = 75 
@@ -88319,8 +88319,8 @@ rule ELASTIC_Linux_Ransomware_Echoraix_Ee0C719A : FILE MEMORY date = "2023-07-29" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_EchoRaix.yar#L21-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_EchoRaix.yar#L21-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e711b2d9323582aa390cf34846a2064457ae065c7d2ee1a78f5ed0859b40f9c0" logic_hash = "v1_sha256_3ca12ea0f1794935ea570dda83f33d04ffb19b6664cc1c8b1cbeed59ac04a01a" score = 75 @@ -88349,8 +88349,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_364F3B7B : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0d4c43bf0cdd6486a4bcab988517e58b8c15d276f41600e596ecc28b0b728e69" logic_hash = "v1_sha256_5950195453232e4752b58c9e466c4df1b5ca2b22d5325730de69cd4178438aa7" score = 75 
@@ -88378,8 +88378,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_3A2Ed31B : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ebbf3bc39ec661e2029d88960a5608e348de92089099019348bc0e891841690f" logic_hash = "v1_sha256_30cd10e38cbda719d9c344efd813e9a19e738a5251e3622957c8349e94366a29" score = 75 @@ -88407,8 +88407,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_7448814C : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e95d0783b635e34743109d090af17aef2e507e8c90060d171e71d9ac79e083ba" logic_hash = "v1_sha256_0024b2cc22bf6c2dfc3b73ba91080cea8d502659db38d94b19338382e2fc0c84" score = 75 
@@ -88436,8 +88436,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_2Fa988E3 : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "679392e78d4abefc05b885e43aaccc2da235bd7f2a267c6ecfbe2cf824776993" logic_hash = "v1_sha256_55c3992ca62ebaf8d45aff818d3261838d239f2004125689ea81edca2cfa59c2" score = 75 @@ -88465,8 +88465,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ea8801Ac : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7acccfd8c2e5555a3e3bf979ad2314c12a939c1ef32b66e61e30a712f07164fd" logic_hash = "v1_sha256_00a7f71a0559f937ace15465059147839598897467db6176040882d86111bcd2" score = 75 
@@ -88494,8 +88494,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_B2Ebdebd : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dee49d4b7f406fd1728dad4dc217484ced2586e014e2cd265ea64eff70a2633d" logic_hash = "v1_sha256_a9d6ffa65b503f9aa13a0054fa92e346c86585418b6b72131efc00340f8ec224" score = 75 @@ -88523,8 +88523,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_9190D516 : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "837ffed1f23293dc9c7cb994601488fc121751a249ffde51326947c33c5fca7f" logic_hash = "v1_sha256_370248d2b6bb625d65f160b62f1b4a7d2809f3fedfb98a009b19dab61f0ba57e" score = 75 
@@ -88552,8 +88552,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_3B460716 : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8c4d49d4881ebdab1bd0e083d4e644cfc8eb7af3b96664598526ab3d175fc420" logic_hash = "v1_sha256_759e08c9e3405d841aa467c3343cfac01fed9e9d86aca90139d0eae8855942e5" score = 75 @@ -88581,8 +88581,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ccfd7518 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b1017db71cf195aa565c57fed91ff1cdfcce344dc76526256d5817018f1351bf" logic_hash = "v1_sha256_02720152af167f1a7e5707f97aa920c6d955458df58d8ef0d9eba868da6a16af" score = 75 
@@ -88610,8 +88610,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_D41C2C63 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a4e5751b4e8fa2e9b70e1e234f435a03290c414f9547dc7709ce2ee4263a35f1" logic_hash = "v1_sha256_c9460cfc2b6d686145be9afd3ed670619f04c7155b03caa193222cba8405160d" score = 75 @@ -88639,8 +88639,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ffa7F059 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a073c6be047ea7b4500b1ffdc8bdadd9a06f9efccd38c88e0fc976b97b2b2df5" logic_hash = "v1_sha256_b558066b80232ceb32c625f49a0ddeccd4b3bc52e664e5a72f2aa7361bcec352" score = 75 
@@ -88668,8 +88668,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Fb24C7E4 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a073c6be047ea7b4500b1ffdc8bdadd9a06f9efccd38c88e0fc976b97b2b2df5" logic_hash = "v1_sha256_17a2a628f2d1fa088a1e0c5b2ad3f08e24b8504033b328c944b9ae83a5d12fcc" score = 75 @@ -88697,8 +88697,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_B45098Df : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e053aca86570b3781b3e08daab51382712270d2a375257c8b5789d3d87149314" logic_hash = "v1_sha256_4622551b73a12c5399df1f4e052ce32b4cee04486a870bc92942c8597dcad1f7" score = 75 
@@ -88726,8 +88726,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_9C67A994 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "70429d67402a43ed801e295b1ae1757e4fccd5d786c09ee054591ae51dfc1b25" logic_hash = "v1_sha256_742ce59fadefe242ca97d8ce603976fa8b5e1ba55ede38434c04dcd6f4891712" score = 75 @@ -88755,8 +88755,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ab87C1Ed : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c13c32d3a14cbc9c2580b1c76625cce8d48c5ae683230149a3f41640655e7f28" logic_hash = "v1_sha256_737f5ff982d2b656918ad3258ca20bce2ec416f2af743335b9a87a86f78be810" score = 75 
@@ -88784,8 +88784,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_F1C0482A : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L301-L319" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L301-L319" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a12a1e8253ee1244b018fd3bdcb6b7729dfe16e06aed470f6b08344a110a4061" logic_hash = "v1_sha256_084ba60d8464ef5bf3a3aa942bb88caf447c6cee3ebf023157bd261226057663" score = 75 @@ -88813,8 +88813,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_5B78Aa01 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sshdoor.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sshdoor.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2e1d909e4a6ba843194f9912826728bd2639b0f34ee512e0c3c9e5ce4d27828e" logic_hash = "v1_sha256_bcf285ac220b2b2ed9caf0943fa22ee830e5b26501c54a223e483a33e2fc63c0" score = 75 
@@ -88842,8 +88842,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_1B443A9B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sshdoor.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sshdoor.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a33112daa5a7d31ea1a1ca9b910475843b7d8c84d4658ccc00bafee044382709" logic_hash = "v1_sha256_4afcd7103a14d59abc08d9e03182a985e3d0250c09aad5e81fd110c6a95f29e0" score = 75 @@ -88871,8 +88871,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_7C36D3Dd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sshdoor.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sshdoor.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "def4de838d58c70f9f0ae026cdad3bf09b711a55af97ed20804fa1e34e7b59e9" logic_hash = "v1_sha256_c1b61fce7593a44e47043fac8a6356f9aa9e74b66db005400684a5a79b69a5cd" score = 75 
@@ -88900,8 +88900,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_3E81B1B7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sshdoor.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sshdoor.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "def4de838d58c70f9f0ae026cdad3bf09b711a55af97ed20804fa1e34e7b59e9" logic_hash = "v1_sha256_54253df560e6552a728dc2651c557bc23ae8ec4847760290701438821c52342e" score = 75 @@ -88929,8 +88929,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_Cde7Cfd4 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sshdoor.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sshdoor.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cd646a1d59c99b9e038098b91cdb63c3fe9b35bb10583bef0ab07260dbd4d23d" logic_hash = "v1_sha256_47967d90a6dbb4461e22998aff5b7e68b4b9007ea7e5e30574ae1f1cfcbaa573" score = 75 
@@ -88958,8 +88958,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_32D9Fb1B : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sshdoor.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sshdoor.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ee1f6dbea40d198e437e8c2ae81193472c89e41d1998bee071867dab1ce16b90" logic_hash = "v1_sha256_35ef4f3970484a46d705e6976a9932639d576717454b8e07ed24a72114d9c42d" score = 75 @@ -88987,8 +88987,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_7C3Cfc62 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sshdoor.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sshdoor.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ee1f6dbea40d198e437e8c2ae81193472c89e41d1998bee071867dab1ce16b90" logic_hash = "v1_sha256_da9804489f30b575d2b459f82570f5df07c1777f105cd373c4268f8a31fa4e43" score = 75 
@@ -89016,8 +89016,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_A1311F49 : FILE MEMORY date = "2023-10-06" modified = "2023-10-26" reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_GhostPulse.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_GhostPulse.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0175448655e593aa299278d5f11b81f2af76638859e104975bdb5d30af5c0c11" logic_hash = "v1_sha256_21838f230ac1a77f09d01d30f4ea3b66313618660e63ab7012b030e0b819547e" score = 75 @@ -89046,8 +89046,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_3Fe1D02D : FILE MEMORY date = "2023-10-12" modified = "2023-10-26" reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_GhostPulse.yar#L23-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_GhostPulse.yar#L23-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_4ef78d436a153ed751a8483c1e43ec2ba053dedfa0da2780fded42012d3042c1" score = 75 quality = 75 
@@ -89074,8 +89074,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_3673D337 : FILE MEMORY date = "2023-12-11" modified = "2024-01-12" reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_GhostPulse.yar#L43-L63" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_GhostPulse.yar#L43-L63" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3013ba32838f6d97d7d75e25394f9611b1c5def94d93588f0a05c90b25b7d6d5" logic_hash = "v1_sha256_a92815f27533338e17afd5ebdbe82e382636fb81167a82d1b613c0dccc5b7ed3" score = 75 @@ -89104,8 +89104,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_8Ae8310B : FILE MEMORY date = "2024-05-27" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_GhostPulse.yar#L65-L84" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_GhostPulse.yar#L65-L84" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5b64f91b41a7390d89cd3b1fccf02b08b18b7fed17a43b0bfac63d75dc0df083" logic_hash = "v1_sha256_b3873a3c728e98d65984033620c0ac8ee93be21db5b6d9bd4665b9f7d0d759fa" score = 75 
@@ -89134,8 +89134,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_9E22C56D : FILE MEMORY date = "2024-07-21" modified = "2024-07-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_GhostPulse.yar#L86-L106" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_GhostPulse.yar#L86-L106" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "349b4dfa1e93144b010affba926663264288a5cfcb7b305320f466b2551b93df" logic_hash = "v1_sha256_5dbd0d6a936a73e933181017c67c36fde7576b47643ec00848f7b58170bd9c6b" score = 75 @@ -89165,8 +89165,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_Bb38Fcb3 : FILE MEMORY date = "2024-10-15" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_GhostPulse.yar#L108-L127" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_GhostPulse.yar#L108-L127" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b54d9db283e6c958697bfc4f97a5dd0ba585bc1d05267569264a2d700f0799ae" logic_hash = "v1_sha256_95a7f663f0bac81a5426d722ec95e11f37fcde45cbf8ebd4e32b9f4c72873c2b" score = 75 
@@ -89195,8 +89195,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_Caea316B : FILE MEMORY date = "2024-10-10" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_GhostPulse.yar#L129-L147" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_GhostPulse.yar#L129-L147" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "454e898405a10ecc06b4243c25f86c855203722a4970dee4c4e1a4e8e75f5137" logic_hash = "v1_sha256_740dad0ce9d6b7c5a4125db9c6ad36e767bacba478ee627032b7fe00431c6d7b" score = 75 @@ -89224,8 +89224,8 @@ rule ELASTIC_Linux_Trojan_Malxmr_7054A0D0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Malxmr.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Malxmr.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3a6b3552ffac13aa70e24fef72b69f683ac221105415efb294fb9a2fc81c260a" logic_hash = "v1_sha256_f7153fb11e0e4bf422021cc0fab99536c2a193198bf70d7f2af2fa5c1971c028" score = 75 
@@ -89253,8 +89253,8 @@ rule ELASTIC_Linux_Trojan_Malxmr_144994A5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Malxmr.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Malxmr.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b" logic_hash = "v1_sha256_4d40337895e63d3dc6f0d94889863f0f5017533658210b902b08d84cf3588cab" score = 75 @@ -89282,8 +89282,8 @@ rule ELASTIC_Windows_Hacktool_Cheatengine_Fedac96D : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_CheatEngine.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_CheatEngine.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b20b339a7b61dc7dbc9a36c45492ba9654a8b8a7c8cbc202ed1dfed427cfd799" logic_hash = "v1_sha256_426b6d388f86dd935d8165af0fb7c8491c987542755ec4c7c53a35a9003f8680" score = 75 
@@ -89312,8 +89312,8 @@ rule ELASTIC_Windows_Ransomware_Helloxd_0C50F01B : FILE MEMORY date = "2022-06-14" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Helloxd.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Helloxd.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "435781ab608ff908123d9f4758132fa45d459956755d27027a52b8c9e61f9589" logic_hash = "v1_sha256_71e09fa1a00fa6f3688129ee2b2a8957b84f64ef51fcba5123a6a9df80a9c7e1" score = 75 @@ -89348,8 +89348,8 @@ rule ELASTIC_Windows_Ransomware_Blackhunt_7B46Cb9C : FILE MEMORY date = "2024-03-12" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_BlackHunt.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_BlackHunt.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6c4e968c9b53906ba0e86a41eccdabe2b736238cb126852023e15850e956293d" logic_hash = "v1_sha256_97bb8436574fd814d8278e5a7043e011d0e4f9a7dd9df5e67605f28ac1af1e74" score = 50 
@@ -89383,8 +89383,8 @@ rule ELASTIC_Linux_Exploit_Openssl_47C6Fad7 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Openssl.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Openssl.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8024af0931dff24b5444f0b06a27366a776014358aa0b7fc073030958f863ef8" logic_hash = "v1_sha256_4c60071ecd7b826e692710ae11b09be30e7df5833bcaa8642fea014e12b9abd7" score = 75 @@ -89412,8 +89412,8 @@ rule ELASTIC_Windows_Trojan_Lumma_693A5234 : FILE MEMORY date = "2024-06-05" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Lumma.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Lumma.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "88340abcdc3cfe7574ee044aea44808446daf3bb7bf9fc60b16a2b1360c5d9c0" logic_hash = "v1_sha256_2b29ac9bc73f191bdbfc92601cab923aa9f2f3380c8123ee469ced3754625dd0" score = 75 
@@ -89442,8 +89442,8 @@ rule ELASTIC_Windows_Trojan_Lumma_30608A8C : FILE MEMORY date = "2024-10-07" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Lumma.yar#L22-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Lumma.yar#L22-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "672e06b9729da0616b103c19d68b812bed33e3e12c788a584f13925f81d68129" logic_hash = "v1_sha256_1793a535db3fd7e8ad3db4b2de22efffabbcd3e91d89f36de71e95dc0fa9012f" score = 75 @@ -89472,8 +89472,8 @@ rule ELASTIC_Windows_Trojan_Lumma_4Ad749B0 : FILE MEMORY date = "2024-11-08" modified = "2024-11-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Lumma.yar#L43-L61" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Lumma.yar#L43-L61" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1f953271bc983b3a561b85083bc14a13d18b81a34855d0a6d9fe902934347f92" logic_hash = "v1_sha256_2248fe539cd0ba17073f1e1650fb93fb755ebe4bc2505e11aa7db9635a0fcb8e" score = 75 
@@ -89501,8 +89501,8 @@ rule ELASTIC_Windows_Trojan_Garble_Eae7F2F7 : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Garble.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Garble.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4820a1ec99981e03675a86c4c01acba6838f04945b5f753770b3de4e253e1b8c" logic_hash = "v1_sha256_5d88579b0f0f71b8b4310c141fb243f39696e158227da0a1e0140b030b783c65" score = 75 @@ -89530,8 +89530,8 @@ rule ELASTIC_Windows_Trojan_Lobshot_013C1B0B : FILE MEMORY date = "2023-04-18" modified = "2023-04-23" reference = "https://www.elastic.co/security-labs/elastic-security-labs-discovers-lobshot-malware" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Lobshot.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Lobshot.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6" logic_hash = "v1_sha256_e1fb245c3441c9bd393a47a9bed01bf7f62aa3ec36d460584d75e326e7e92ad4" score = 75 
@@ -89569,8 +89569,8 @@ rule ELASTIC_Linux_Shellcode_Generic_5669055F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Shellcode_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Shellcode_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "87ef4def16d956cdfecaea899cbb55ff59a6739bbb438bf44a8b5fec7fcfd85b" logic_hash = "v1_sha256_735b8dc7fff3c9cc96646a4eb7c5afd70be19dcc821e9e26ce906681130746be" score = 75 @@ -89598,8 +89598,8 @@ rule ELASTIC_Linux_Shellcode_Generic_D2C96B1D : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Shellcode_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Shellcode_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "403d53a65bd77856f7c565307af5003b07413f2aba50869655cdd88ce15b0c82" logic_hash = "v1_sha256_33d964e22c8e3046f114e8264d18e8b4a0e7b55eca59151b084db7eea07aa0b1" score = 75 
@@ -89627,8 +89627,8 @@ rule ELASTIC_Linux_Shellcode_Generic_30C70926 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Shellcode_Generic.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Shellcode_Generic.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a742e23f26726293b1bff3db72864471d6bb4062db1cc6e1c4241f51ec0e21b1" logic_hash = "v1_sha256_3594994a911e5428198c472a51de189a6be74895170581ec577c49f8dbb9167a" score = 75 @@ -89656,8 +89656,8 @@ rule ELASTIC_Linux_Shellcode_Generic_224Bdcc4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Shellcode_Generic.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Shellcode_Generic.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bd22648babbee04555cef52bfe3e0285d33852e85d254b8ebc847e4e841b447e" logic_hash = "v1_sha256_8c4a2bb63f0926e7373caf0a027179b4730cc589f9af66d2071e88f4165b0f73" score = 75 
@@ -89685,8 +89685,8 @@ rule ELASTIC_Linux_Shellcode_Generic_99B991Cd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Shellcode_Generic.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Shellcode_Generic.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "954b5a073ce99075b60beec72936975e48787bea936b4c5f13e254496a20d81d" logic_hash = "v1_sha256_664e213314fe1d6f1920de237ebea3a94f7fbc42eff089475674ccef812f0f68" score = 75 @@ -89714,8 +89714,8 @@ rule ELASTIC_Linux_Shellcode_Generic_24B9Aa12 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Shellcode_Generic.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Shellcode_Generic.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "24b2c1ccbbbe135d40597fbd23f7951d93260d0039e0281919de60fa74eb5977" logic_hash = "v1_sha256_4685253eb00a21d6dd6e874ff68209f20c8668262f24767086687555ccf934aa" score = 75 
@@ -89743,8 +89743,8 @@ rule ELASTIC_Linux_Shellcode_Generic_8Ac37612 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Shellcode_Generic.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Shellcode_Generic.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c199b902fa4b0fcf54dc6bf3e25ad16c12f862b47e055863a5e9e1f98c6bd6ca" logic_hash = "v1_sha256_c0af751bc54dcd9cf834fa5fe9fa120be5e49a56135ebb72fd6073948e956929" score = 75 @@ -89772,8 +89772,8 @@ rule ELASTIC_Linux_Shellcode_Generic_932Ed0F0 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Shellcode_Generic.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Shellcode_Generic.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f357597f718f86258e7a640250f2e9cf1c3363ab5af8ddbbabb10ebfa3c91251" logic_hash = "v1_sha256_20ae3f1d96f8afd0900ac919eacaff3bd748a7466af5bb2b9f77cfdc4b8b829e" score = 75 
@@ -89801,8 +89801,8 @@ rule ELASTIC_Linux_Ransomware_Sfile_9E347B52 : FILE MEMORY date = "2023-07-29" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_SFile.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_SFile.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "49473adedc4ee9b1252f120ad8a69e165dc62eabfa794370408ae055ec65db9d" logic_hash = "v1_sha256_394571fd5746132d15da97428c3afc149435d91d5432eadf1c838d4a6433c7c1" score = 75 @@ -89831,8 +89831,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_8C6750B5 : FILE MEMORY date = "2023-06-05" modified = "2023-06-19" reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_PikaBot.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_PikaBot.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1" logic_hash = "v1_sha256_03e36f927513625d1dd997c79843b1b14e344e8411155740213d7aff9794c5c6" score = 75 
@@ -89865,8 +89865,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_5B220E9C : FILE MEMORY date = "2024-02-06" modified = "2024-02-08" reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_PikaBot.yar#L27-L52" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_PikaBot.yar#L27-L52" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d836b06b0118e6d258e318b1cfdc509cacc0859c6a6b3d7c5f4d2525e00d97b2" logic_hash = "v1_sha256_1d2158716b7c32734f12f8528352a3872e21fea2f9b21a36d6ac44fcd50a9f3c" score = 75 @@ -89900,8 +89900,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_5441F511 : FILE MEMORY date = "2024-02-15" modified = "2024-02-21" reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_PikaBot.yar#L54-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_PikaBot.yar#L54-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_fa44408874c6a007212dfc206cbecbac7a3e50df94da4ce02de2e04e9119c79f" score = 75 quality = 75 
@@ -89934,8 +89934,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_95Db8B5A : FILE MEMORY date = "2024-02-15" modified = "2024-02-21" reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_PikaBot.yar#L80-L103" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_PikaBot.yar#L80-L103" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_74073ceae1b26b953b7644d56a2ec92993b83802a30ce82c6921df5448ebab06" score = 75 quality = 75 @@ -89967,8 +89967,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_4034_1C8F235D : FILE CVE_2021_4034 date = "2022-01-26" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2021_4034.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2021_4034.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "94052c42aa41d0911e4b425dcfd6b829cec8f673bf1245af4050ef9c257f6c4b" logic_hash = "v1_sha256_217df6687076a715712a053672d7b02567a3ee38ce9c0ccf80d23fcfde35592a" score = 75 
@@ -89997,8 +89997,8 @@ rule ELASTIC_Macos_Infostealer_Mdquerytcc_142313Cb : FILE MEMORY date = "2023-04-11" modified = "2024-08-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Infostealer_MdQueryTCC.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Infostealer_MdQueryTCC.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d895075057e491b34b0f8c0392b44e43ade425d19eaaacea6ef8c5c9bd3487d8" logic_hash = "v1_sha256_e00015867ad0a0c440a49364945fe828d50675ecfd2039028653d97c77cff323" score = 75 @@ -90026,8 +90026,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_1Cab7Ea1 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Ragnarok.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Ragnarok.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_8bae3ea4304473209fc770673b680154bf227ce30f6299101d93fe830da0fe91" score = 75 quality = 73 
@@ -90055,8 +90055,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_7E802F95 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Ragnarok.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Ragnarok.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_8f293cdbdc3c395e18c304dfa43d0dcdb52b18bde5b5d084190ceec70aea6cbd" score = 75 quality = 75 @@ -90085,8 +90085,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_Efafbe48 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Ragnarok.yar#L44-L71" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Ragnarok.yar#L44-L71" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_c9d203620e0e6e04d717595ca70a5e5efa74abfc11e4e732d729caab2d246c27" score = 75 quality = 75 
@@ -90122,8 +90122,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_5625D3F6 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Ragnarok.yar#L73-L95" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Ragnarok.yar#L73-L95" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_8c22cf9dfbeba7391f6d2370c88129650ef4c778464e676752de1d0fd9c5b34e" score = 75 quality = 75 @@ -90154,8 +90154,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_6Cab0Ec0 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42" logic_hash = "v1_sha256_c19fe812b74b034bfb42c0e2ee552d879ed038e054c5870b85e7e610d3184198" score = 75 
@@ -90183,8 +90183,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_293Bfea9 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L21-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L21-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42" logic_hash = "v1_sha256_b8bd0d034a6306f99333723d77724ae53c1a189dad3fad7417f2d2fde214c24a" score = 75 @@ -90215,8 +90215,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_448Fa81D : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L44-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L44-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42" logic_hash = "v1_sha256_ab0608920b9f632bad99e1358f21a88bc6048f46fca21a488a1a10b7ef1e42ae" score = 75 
@@ -90246,8 +90246,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_768Df39D : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L66-L85" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L66-L85" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_140ba93d57b27325f66b36132ecaab205663e3e582818baf377e050802c8d152" score = 75 quality = 75 @@ -90275,8 +90275,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_7Ce0B709 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L87-L106" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L87-L106" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_56fc05ece464d562ff6e56247756454c940c07b03c4a4c783b2bae4d5807247a" score = 75 quality = 75 
@@ -90304,8 +90304,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_F11Ccdac : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_find_port.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L108-L127" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L108-L127" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_fcf578d3e98b591b33cb6f4bec1b9e92a7e1a88f0b56f3c501f9089d2094289c" score = 75 quality = 75 @@ -90333,8 +90333,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_D9B16F4C : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L129-L148" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L129-L148" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_8e082878fb52f6314ec8c725dd279447ee8a0fc403c47ffd997712adb496e7c3" score = 75 quality = 75 
@@ -90362,8 +90362,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_2992B917 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L150-L169" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L150-L169" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_10056ffb719092f83ad236a63ef6fa1f40568e500c042bd737575997bb67a8ec" score = 75 quality = 75 @@ -90391,8 +90391,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_27D409F1 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x64/shell_bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L171-L190" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L171-L190" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_b757e0ab6665a3e4846c6bbe4386e9d9a730ece00a2453933ce771aec2dd716e" score = 75 quality = 75 
@@ -90420,8 +90420,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_65A2394B : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stages/osx/x86/vforkshell.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L192-L211" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L192-L211" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_f01f671b0bf9fa53aa3383c88ba871742f0e55dbdae4278f440ed29f35eb1ca1" score = 75 quality = 75 @@ -90449,8 +90449,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_C7B7A90B : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stagers/osx/x86/reverse_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L213-L232" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L213-L232" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_d4b1f01bf8434dd69188d2ad0b376fad3a4d9c94ebe74d40f05019baf95b5496" score = 75 quality = 75 
@@ -90478,8 +90478,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_4Bd6Aaca : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stagers/osx/x86/bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L234-L253" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L234-L253" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_a3de610ced90679f6fa0dcdf7890a64369c774839ea30018a7ef6fe9289d3d17" score = 75 quality = 75 @@ -90507,8 +90507,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_5E5B685F : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Metasploit.yar#L255-L273" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Metasploit.yar#L255-L273" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cdf0a3c07ef1479b53d49b8f22a9f93adcedeea3b869ef954cc043e54f65c3d0" logic_hash = "v1_sha256_003fb4f079b125f37899a2b3cb62d80edd5b3e5ccbed5bc1ea514a4a173d329d" score = 75 
@@ -90536,8 +90536,8 @@ rule ELASTIC_Windows_Trojan_Beam_E41B243A : FILE MEMORY
 date = "2021-12-07"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Beam.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Beam.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8"
 logic_hash = "v1_sha256_295837743ecfa51e1713d19cba24ff8885c8716201caac058ae8b2bc9e008e6c"
 score = 75
@@ -90568,8 +90568,8 @@ rule ELASTIC_Windows_Trojan_Beam_5A951D13 : FILE MEMORY
 date = "2021-12-07"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Beam.yar#L24-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Beam.yar#L24-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8"
 logic_hash = "v1_sha256_3419b649717b69f07334bd966f438dd0b77f03572fe14f4b88ce95a2a86cae07"
 score = 75
@@ -90597,8 +90597,8 @@ rule ELASTIC_Windows_Trojan_Afdk_C952Fcfa : FILE MEMORY
 date = "2023-12-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Afdk.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Afdk.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6723a9489e7cfb5e2d37ff9160d55cda065f06907122d73764849808018eb7a0"
 logic_hash = "v1_sha256_a0589a3bf9e733e615b6e552395b3ff513e4fad7efd7d2ebea634aa91d2f60d9"
 score = 75
@@ -90626,8 +90626,8 @@ rule ELASTIC_Windows_Trojan_Afdk_5F8Cc135 : FILE MEMORY
 date = "2023-12-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Afdk.yar#L21-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Afdk.yar#L21-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6723a9489e7cfb5e2d37ff9160d55cda065f06907122d73764849808018eb7a0"
 logic_hash = "v1_sha256_0523a0cc3a4446f2ac88c72999568313c6b40f7f8975b8e332c0c6b1e48c5d76"
 score = 75
@@ -90657,8 +90657,8 @@ rule ELASTIC_Windows_Ransomware_Grief_9953339A : FILE MEMORY
 date = "2021-08-04"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Grief.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Grief.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0864575d4f487e52a1479c61c2c4ad16742d92e16d0c10f5ed2b40506bbc6ca0"
 logic_hash = "v1_sha256_f99ea1e1f59dc2999659cbe649e76001dd7139b1438440717b60f081d1e99d70"
 score = 75
@@ -90686,8 +90686,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_21B60705 : FILE MEMORY
 date = "2023-03-19"
 modified = "2023-04-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Rhadamanthys.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Rhadamanthys.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3ba97c51ba503fa4bdcfd5580c75436bc88794b4ae883afa1d92bb0b2a0f5efe"
 logic_hash = "v1_sha256_ef3f60689d72553111b42b27e0a1a0316288ae07fbfaf159eea8c76380d528fa"
 score = 75
@@ -90721,8 +90721,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_1Da1C2C2 : FILE MEMORY
 date = "2023-03-28"
 modified = "2023-04-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Rhadamanthys.yar#L27-L52"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Rhadamanthys.yar#L27-L52"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9bfc4fed7afc79a167cac173bf3602f9d1f90595d4e41dab68ff54973f2cedc1"
 logic_hash = "v1_sha256_bf5d45fe79dacfc6aee5cfd788ec6ce77e99e55d5a6d294da57c126bedf75ee9"
 score = 75
@@ -90757,8 +90757,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_Ae00F48C : FILE MEMORY
 date = "2023-05-05"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Rhadamanthys.yar#L54-L74"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Rhadamanthys.yar#L54-L74"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "56b5ff5132ec1c5836223ced287d51a9ecee8d2b081f449245e136b1262a8714"
 logic_hash = "v1_sha256_423b68717a7aead3c871e7fc744e35dad1cfd7727bfba2bdaec69fb782540380"
 score = 75
@@ -90788,8 +90788,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_Cf5Dd2E2 : FILE MEMORY
 date = "2024-04-03"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Rhadamanthys.yar#L76-L97"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Rhadamanthys.yar#L76-L97"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "39ccc224c2c6d89d0bce3d9e2c677465cbc7524f2d2aa903f79ad26b340dec3d"
 logic_hash = "v1_sha256_039d6de0d072be6717ba3eb90735d7b4898d3bbac83db4feb75efcdbca8fd98b"
 score = 75
@@ -90820,8 +90820,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_C4760266 : FILE MEMORY
 date = "2024-06-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Rhadamanthys.yar#L99-L117"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Rhadamanthys.yar#L99-L117"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "05074675b07feb8e7556c5af449f5e677e0fabfb09b135971afbb11743bf3165"
 logic_hash = "v1_sha256_b8c1c56681aac4e1b1741dfa3ea929677214873b6f1795423a80742f699249de"
 score = 75
@@ -90849,8 +90849,8 @@ rule ELASTIC_Windows_Trojan_Lokibot_1F885282 : FILE MEMORY
 date = "2021-06-22"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Lokibot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Lokibot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409"
 logic_hash = "v1_sha256_c76941a83e18f11ed5af701e89616d324ddba613a95069997ea8f1830f328307"
 score = 75
@@ -90878,8 +90878,8 @@ rule ELASTIC_Windows_Trojan_Lokibot_0F421617 : FILE MEMORY
 date = "2021-07-20"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Lokibot.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Lokibot.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080"
 logic_hash = "v1_sha256_0076ccbe43ae77e3a80164d43832643f077e659a595fff01c87694e2274c5e86"
 score = 75
@@ -90907,8 +90907,8 @@ rule ELASTIC_Windows_Trojan_P8Loader_E478A831 : FILE MEMORY
 date = "2023-04-13"
 modified = "2023-05-26"
 reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_P8Loader.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_P8Loader.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_f1a7de6bb4477ea82c18aea1ddc4481de2fc362ce5321f4205bb3b74c1c45a7e"
 score = 75
 quality = 75
@@ -90942,8 +90942,8 @@ rule ELASTIC_Windows_Trojan_Stealc_B8Ab9Ab5 : FILE MEMORY
 date = "2024-03-13"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Stealc.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Stealc.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0d1c07c84c54348db1637e21260dbed09bd6b7e675ef58e003d0fe8f017fd2c8"
 logic_hash = "v1_sha256_5fc5d5cea481d1d204d1aa6c52679a23eb59438df2fe547d14c00524772867bb"
 score = 75
@@ -90979,8 +90979,8 @@ rule ELASTIC_Windows_Trojan_Stealc_A2B71Dc4 : FILE MEMORY
 date = "2024-03-13"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Stealc.yar#L29-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Stealc.yar#L29-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0d1c07c84c54348db1637e21260dbed09bd6b7e675ef58e003d0fe8f017fd2c8"
 logic_hash = "v1_sha256_b79ac3e65cd7d2819d6a49f59ec661241c97174f66a7c4ada91932f10fc43583"
 score = 75
@@ -91011,8 +91011,8 @@ rule ELASTIC_Windows_Trojan_Stealc_5D3F297C : FILE MEMORY
 date = "2024-03-05"
 modified = "2024-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Stealc.yar#L52-L70"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Stealc.yar#L52-L70"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "885c8cd8f7ad93f0fd43ba4fb7f14d94dfdee3d223715da34a6e2fbb4d25b9f4"
 logic_hash = "v1_sha256_556d3bc9374a5ec23faa410900dfc94b5534434c9733165355d281976444a42b"
 score = 75
@@ -91040,8 +91040,8 @@ rule ELASTIC_Linux_Cryptominer_Presenoker_3Bb5533D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Presenoker.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Presenoker.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "bbc155c610c7aa439f98e32f97895d7eeaef06dab7cca05a5179b0eb3ba3cc00"
 logic_hash = "v1_sha256_13bf69ea6bc7df5ba9ebffe67234657f2ecab99e28fd76d0bbedceaf9706a4dd"
 score = 75
@@ -91069,8 +91069,8 @@ rule ELASTIC_Windows_Hacktool_Sharpmove_05E28928 : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpMove.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpMove.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "051f60f9f4665b96f764810defe9525ae7b4f9898249b83a23094cee63fa0c3b"
 logic_hash = "v1_sha256_021a56dd47d9929e71b82b00d24aa8969a31945681dcf414c69b8d175fb0b6eb"
 score = 75
@@ -91102,8 +91102,8 @@ rule ELASTIC_Windows_Vulndriver_Mtcbsv_7F6D642E : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_MtcBsv.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_MtcBsv.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ff803017d1acafde6149fe7d463aee23b1c4f6f3b97c698c05f3ca6f07e4df6c"
 logic_hash = "v1_sha256_dfd53a2b97ad722307561fc5f109dcba372bf600113786bb351ed1262fdc8556"
 score = 75
@@ -91133,8 +91133,8 @@ rule ELASTIC_Macos_Trojan_Genieo_5E0F8980 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Genieo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Genieo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6c698bac178892dfe03624905256a7d9abe468121163d7507cade48cf2131170"
 logic_hash = "v1_sha256_76b725f6ae5755bb00d384ef2ae1511789487257d8bb7cb61b893226f03a803e"
 score = 75
@@ -91162,8 +91162,8 @@ rule ELASTIC_Macos_Trojan_Genieo_37878473 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Genieo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Genieo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0fadd926f8d763f7f15e64f857e77f44a492dcf5dc82ae965d3ddf80cd9c7a0d"
 logic_hash = "v1_sha256_bb04ae4e0a98e0dbd0c0708d5e767306e38edf76de2671523f4bd43cbcbfefc2"
 score = 75
@@ -91191,8 +91191,8 @@ rule ELASTIC_Macos_Trojan_Genieo_0D003634 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Genieo.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Genieo.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "bcd391b58338efec4769e876bd510d0c4b156a7830bab56c3b56585974435d70"
 logic_hash = "v1_sha256_0412f88408fb14d1126ef091d0a5cc0ee2b2e39aeb241bef55208b59830ca993"
 score = 75
@@ -91220,8 +91220,8 @@ rule ELASTIC_Macos_Trojan_Genieo_9E178C0B : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Genieo.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Genieo.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b7760e73195c3ea8566f3ff0427d85d6f35c6eec7ee9184f3aceab06da8845d8"
 logic_hash = "v1_sha256_212f96ca964aceeb80c6d3282d488cfbb74aeffb9c0c9dd840a3a28f9bbdcbea"
 score = 75
@@ -91249,8 +91249,8 @@ rule ELASTIC_Windows_Trojan_Njrat_30F3C220 : FILE MEMORY
 date = "2021-06-13"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Njrat.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Njrat.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b"
 logic_hash = "v1_sha256_76347165829415646f943bb984cd17ca138cf238d03f114c498dbcec081d5ae3"
 score = 75
@@ -91283,8 +91283,8 @@ rule ELASTIC_Windows_Trojan_Njrat_Eb2698D2 : FILE MEMORY
 date = "2023-05-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Njrat.yar#L26-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Njrat.yar#L26-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d537397bc41f0a1cb964fa7be6658add5fe58d929ac91500fc7770c116d49608"
 logic_hash = "v1_sha256_c32a641f2d639f56a8137b3e0d0be3261fba30084eeba9d1205974713413af9f"
 score = 75
@@ -91312,8 +91312,8 @@ rule ELASTIC_Windows_Trojan_Blackwood_2B94Bce9 : FILE MEMORY
 date = "2024-03-22"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Blackwood.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Blackwood.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c37dd77f659059da7e12e13b063036ee69097a4d2f88c170832fff78f3788991"
 logic_hash = "v1_sha256_279e85ce3bb974ce5af541e7307cb2fd1031f36c9da013756883172a765b0e19"
 score = 75
@@ -91348,8 +91348,8 @@ rule ELASTIC_Macos_Virus_Vsearch_0Dd3Ec6F : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Virus_Vsearch.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Virus_Vsearch.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_17a467b000117ea6c39fbd40b502ac9c7d59a97408c2cdfb09c65b2bb09924e5"
 score = 75
 quality = 75
@@ -91376,8 +91376,8 @@ rule ELASTIC_Macos_Virus_Vsearch_2A0419F8 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Virus_Vsearch.yar#L20-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Virus_Vsearch.yar#L20-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_fa9b811465e435bff5bc0f149ff65f57932c94f548a5ece4ec54ba775cdbb55a"
 score = 75
 quality = 75
@@ -91404,8 +91404,8 @@ rule ELASTIC_Windows_Wiper_Doublezero_65Ec0C50 : FILE MEMORY
 date = "2022-03-22"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Wiper_DoubleZero.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Wiper_DoubleZero.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe"
 logic_hash = "v1_sha256_bce33817d99f71b9d087ea079ef8db08b496315b72cf9d1cf6f0b107a604e52c"
 score = 75
@@ -91437,8 +91437,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_Db41F9D2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ladvix.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ladvix.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_81642b4ff1b6488098f019c5e992fc942916bc6eb593006cf91e878ac41509d6"
 score = 75
 quality = 75
@@ -91465,8 +91465,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_77D184Fd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ladvix.yar#L20-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ladvix.yar#L20-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1bb44b567b3c82f7ee0e08b16f7326d1af57efe77d608a96b2df43aab5faa9f7"
 logic_hash = "v1_sha256_0ae9c41d3eb7964344f71b9708278a0e83776228e4455cf0ad7c08e288305203"
 score = 75
@@ -91494,8 +91494,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_C9888Edb : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ladvix.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ladvix.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1d798e9f15645de89d73e2c9d142189d2eaf81f94ecf247876b0b865be081dca"
 logic_hash = "v1_sha256_608f2340b0ee4b843933d8137aa0908583a6de477e6c472fb4bd2e5bb62dfb80"
 score = 75
@@ -91523,8 +91523,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_81Fccd74 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "2a183f613fca5ec30dfd82c9abf72ab88a2c57d2dd6f6483375913f81aa1c5af"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ladvix.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ladvix.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_18f7ca953d22f02c1dbf03595a19b66ea582d2c1623f0042dcf15f86556ca41e"
 score = 75
 quality = 75
@@ -91551,8 +91551,8 @@ rule ELASTIC_Windows_Trojan_Backoff_22798F00 : FILE MEMORY
 date = "2022-08-10"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Backoff.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Backoff.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_65b5aff18a4e0bc29d7cc4cfbe2d5882f99a855727fe467b2ba2e2851c43d21b"
 score = 75
 quality = 75
@@ -91584,8 +91584,8 @@ rule ELASTIC_Windows_Vulndriver_Gvci_F5A35359 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Gvci.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Gvci.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f"
 logic_hash = "v1_sha256_beb0c324358a016e708dae30a222373113a7eab8e3d90dfa1bbde6c2f7874362"
 score = 75
@@ -91613,8 +91613,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_563Ecb11 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Psybnc.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Psybnc.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f77216b169e8d12f22ef84e625159f3a51346c2b6777a1fcfb71268d17b06d39"
 logic_hash = "v1_sha256_b93e6ab097ccd4c348d228a48df098594e560e62256bfe019669ca9488221214"
 score = 75
@@ -91642,8 +91642,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_Ab3396D5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Psybnc.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Psybnc.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c5ec84e7cc891af25d6319abb07b1cedd90b04cbb6c8656c60bcb07e60f0b620" logic_hash = "v1_sha256_8c083f66fc252a88395bb954a67d710d64f5b68efb9df4b60b260302874b400a" score = 75 @@ -91671,8 +91671,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_F07357F1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Psybnc.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Psybnc.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f77216b169e8d12f22ef84e625159f3a51346c2b6777a1fcfb71268d17b06d39" logic_hash = "v1_sha256_cfe217fe108de787600d1ef06ac6738d84aedfc46e5632143692a9f83cb62df7" score = 75 
@@ -91700,8 +91700,8 @@ rule ELASTIC_Linux_Exploit_Alie_E69De1Ee : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Alie.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Alie.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "882839549f062ab4cbe6df91336ed320eaf6c2300fc2ed64d1877426a0da567d" logic_hash = "v1_sha256_bb4625751c924b9ff5d32cc044fcff68892e82d9e94d679c4e4c8286f680a854" score = 75 @@ -91729,8 +91729,8 @@ rule ELASTIC_Linux_Trojan_Springtail_35D5B90B : FILE MEMORY date = "2024-05-18" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Springtail.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Springtail.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "30584f13c0a9d0c86562c803de350432d5a0607a06b24481ad4d92cdf7288213" logic_hash = "v1_sha256_7158e60aedfde884d9ee01457abfe6d9b6b1df9cdc1c415231d98429866eaa6c" score = 75 
@@ -91763,8 +91763,8 @@ rule ELASTIC_Windows_Trojan_Solarmarker_D466E548 : FILE MEMORY date = "2023-12-12" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SolarMarker.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SolarMarker.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "330f5067c93041821be4e7097cf32fb569e2e1d00e952156c9aafcddb847b873" hash = "e2a620e76352fa7ac58407a711821da52093d97d12293ae93d813163c58eb84b" logic_hash = "v1_sha256_c0792bc3c1a2f01ff4b8d0a12c95a74491c2805c876f95a26bbeaabecdff70e9" @@ -91793,8 +91793,8 @@ rule ELASTIC_Windows_Trojan_Solarmarker_08Bfc26B : FILE MEMORY date = "2024-05-29" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SolarMarker.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SolarMarker.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c1a6d2d78cc50f080f1fe4cadc6043027bf201d194f2b73625ce3664433a3966" logic_hash = "v1_sha256_b31b9f8460b606426c1101eba39a41a75c7ecaafc62388a6a5ac0f24057561ed" score = 75 
@@ -91824,8 +91824,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_9F3A5Abb : FILE MEMORY date = "2022-11-24" modified = "2023-06-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Nighthawk.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Nighthawk.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b775a8f7629966592cc7727e2081924a7d7cf83edd7447aa60627a2b67d87c94" logic_hash = "v1_sha256_27a34e48141fe260c16c12a2652e440d2540ca5f0c84b41c9c4762dcab44ffd4" score = 75 @@ -91860,8 +91860,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_2A2E3B9D : FILE MEMORY date = "2022-11-24" modified = "2023-06-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Nighthawk.yar#L28-L47" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Nighthawk.yar#L28-L47" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "38881b87826f184cc91559555a3456ecf00128e01986a9df36a72d60fb179ccf" logic_hash = "v1_sha256_c42605ebba900fafb4ec2d34d93bb7adb69e731ce151b82a95889dd0d738da00" score = 75 
@@ -91890,8 +91890,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_23489175 : FILE MEMORY date = "2023-06-14" modified = "2023-07-10" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Nighthawk.yar#L49-L74" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Nighthawk.yar#L49-L74" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "697742d5dd071add40b700022fd30424cb231ffde223d21bd83a44890e06762f" logic_hash = "v1_sha256_be41fc53f7098ca3cf718e8066a488196423ede993466c9a24ad2af387e03b24" score = 75 @@ -91926,8 +91926,8 @@ rule ELASTIC_Windows_Infostealer_Phemedronestealer_Bed8Ea8A : FILE MEMORY date = "2024-03-21" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Infostealer_PhemedroneStealer.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Infostealer_PhemedroneStealer.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "38279fdad25c7972be9426cadb5ad5e3ee7e9761b0a41ed617945cb9a3713702" logic_hash = "v1_sha256_88fc33abfe6c7a611aa0c354645b06e9e74121ffc9a5acd20b4d3a59287489d6" score = 75 
@@ -91966,8 +91966,8 @@ rule ELASTIC_Windows_Ransomware_Bitpaymer_D74273B3 : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Bitpaymer.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Bitpaymer.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_126246689b28e92ed10bfa6165f06ff7d4f0e062de7c58b821eaaf5e3cae9306" score = 75 quality = 75 @@ -91995,8 +91995,8 @@ rule ELASTIC_Windows_Ransomware_Bitpaymer_Bca25Ac6 : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Bitpaymer.yar#L22-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Bitpaymer.yar#L22-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_7670f9dafacc8fc5998c1974af66ede388c0997545da067648fec4fd053f0001" score = 75 quality = 75 
@@ -92031,8 +92031,8 @@ rule ELASTIC_Macos_Infostealer_Mdquerytoken_1C52D574 : FILE MEMORY date = "2023-04-11" modified = "2024-08-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Infostealer_MdQueryToken.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Infostealer_MdQueryToken.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_ede29154aae99bb67075e21acb694b089f9a1b366a4e2505cb761142393994a8" score = 75 quality = 71 @@ -92060,8 +92060,8 @@ rule ELASTIC_Macos_Virus_Pirrit_271B8Ed0 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Virus_Pirrit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Virus_Pirrit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7feda05d41b09c06a08c167c7f4dde597ac775c54bf0d74a82aa533644035177" logic_hash = "v1_sha256_cb77f6df1403afbc7f45d30551559b6de7eb1c3434778b46d31754da0a1b1f10" score = 75 
@@ -92089,8 +92089,8 @@ rule ELASTIC_Windows_Hacktool_Sharpchromium_41Ce5080 : FILE MEMORY date = "2022-11-20" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpChromium.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpChromium.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9dd65aa53728d51f0f3b9aaf51a24f8a2c3f84b4a4024245575975cf9ad7f2e5" logic_hash = "v1_sha256_50972a6e6af1d7076243320fb6559193e0c46ac1300aa62d12390fdeb2fffdcd" score = 75 @@ -92122,8 +92122,8 @@ rule ELASTIC_Windows_Trojan_Pingpull_09Dd9559 : FILE MEMORY date = "2022-06-16" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Pingpull.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Pingpull.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "de14f22c88e552b61c62ab28d27a617fb8c0737350ca7c631de5680850282761" logic_hash = "v1_sha256_114674b1a9acfc7643138d3b07885343a50c9d319b8d22a6ef34e916685c4469" score = 75 
@@ -92157,8 +92157,8 @@ rule ELASTIC_Windows_Trojan_Privateloader_96Ac2734 : FILE MEMORY date = "2023-01-03" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_PrivateLoader.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_PrivateLoader.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "077225467638a420cf29fb9b3f0241416dcb9ed5d4ba32fdcf2bf28f095740bb" logic_hash = "v1_sha256_9f96f1c54853866e124d0996504e6efd3d154111390617999cc10520d7f68fe6" score = 75 @@ -92189,8 +92189,8 @@ rule ELASTIC_Linux_Virus_Thebe_1Eb5985A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Virus_Thebe.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Virus_Thebe.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "30af289be070f4e0f8761f04fb44193a037ec1aab9cc029343a1a1f2a8d67670" logic_hash = "v1_sha256_7d4bc4b1615048dec1f1fac599afa667e06ccb369bb1242b25887e0ce2a5066a" score = 75 
@@ -92218,8 +92218,8 @@ rule ELASTIC_Windows_Trojan_Onlylogger_B9E88336 : FILE MEMORY date = "2022-03-22" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_OnlyLogger.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_OnlyLogger.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "69876ee4d89ba68ee86f1a4eaf0a7cb51a012752e14c952a177cd5ffd8190986" logic_hash = "v1_sha256_b8d1c4c1e33fc0b54a62f82b8f53c9a1b051ad8c2f578d2a43f504158d1d9247" score = 75 @@ -92250,8 +92250,8 @@ rule ELASTIC_Windows_Trojan_Onlylogger_Ec14D5F2 : FILE MEMORY date = "2022-03-22" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_OnlyLogger.yar#L24-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_OnlyLogger.yar#L24-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f45adcc2aad5c0fd900df4521f404bc9ca71b01e3378a5490f5ae2f0c711912e" logic_hash = "v1_sha256_2838851a5e013705b64625801d2ab1d56cfc17c52f75a5fd71448cb0a4b4b683" score = 75 
@@ -92283,8 +92283,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_01365E46 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5c450d4be39caef1d9ec943f5dfeb6517047175fec166a52970c08cd1558e172" logic_hash = "v1_sha256_4d61de2cb37e12f62326c1717f6ed44554f5d2aa7ede6033d0c988e5e64df54d" score = 75 @@ -92312,8 +92312,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_06Fd4Ac4 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_bde387f1e22d1399fb99f6d41732a37635d8e90f29626f2995914a073a7cac89" score = 75 quality = 75 
@@ -92341,8 +92341,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Ce4305D1 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L41-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L41-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_c547114475383e5d84f6b8cb72585ddd5778ae3afa491deddeef8a5ec56be1b5" score = 75 quality = 75 @@ -92369,8 +92369,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_1E56Fad7 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L60-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L60-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_815b37804f79fb4607e6b84294882d818233c3df13aececb3d341244900a2e44" score = 75 quality = 75 
@@ -92397,8 +92397,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_93C9A2A4 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L79-L96" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L79-L96" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_dadeeba6147b118b80e014ab067eac7a2c3c2990958a6c7016562d8b64fef53c" score = 75 quality = 75 @@ -92425,8 +92425,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_5340Afa3 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L98-L115" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L98-L115" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_8b9d3c978f0c4a04ee5b3446b990172206b17496036bc1cc04180ea7e9b99734" score = 75 quality = 75 
@@ -92453,8 +92453,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_E7932501 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L117-L134" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L117-L134" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_f82704a408a0cf1def2a5926dc4c02fa56afea1422c88ba41af50d44c60edb07" score = 75 quality = 75 @@ -92481,8 +92481,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Cd0868D5 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L136-L153" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L136-L153" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_053a99e5e722fd2aa1cae96266cc344954f9c3a12d0851fa9d5e95a6420651f4" score = 75 quality = 75 
@@ -92509,8 +92509,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_515504E2 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L155-L172" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L155-L172" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_5410068e09de4a1283f98f6364ddf243373e228ba060b00699db6323f1167684" score = 75 quality = 75 @@ -92537,8 +92537,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_A0Fc8F35 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L174-L191" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L174-L191" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_7ab2b45ddfc1d7fa409a6ea3dfd8d4940e1bdf3fc0cb6c7e8d49c60e7bda5b1b" score = 75 quality = 75 
@@ -92565,8 +92565,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Cb95Dc06 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L193-L210" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L193-L210" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_563b2311d37ace2d09601a70325352db3fcbf135e7ce518965f5410081b5d626" score = 75 quality = 75 @@ -92593,8 +92593,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_9D4D3Fa4 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L212-L229" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L212-L229" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_7c3c9917a95248fd990b6947a0304ded473bf1bcceec8f4498a7955e879d348b" score = 75 quality = 75 
@@ -92621,8 +92621,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_34F00046 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L231-L248" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L231-L248" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_f9d646645d6726e3aac5cc3eaea9edf1c89c7e743aff7cfa73998a72f3446711" score = 75 quality = 75 @@ -92649,8 +92649,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_F2A18B09 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L250-L267" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L250-L267" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_c4c4b0b1df1e8fde87284fb27d46e917c47b479a675fec60faeca6185511907d" score = 75 quality = 75 
@@ -92677,8 +92677,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_D916Ae65 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L269-L286" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L269-L286" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_e0aafe498cd9f0e8addfef78027943a754ca797aafae0cb40f1c6425de501339" score = 75 quality = 75 @@ -92705,8 +92705,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_52722678 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L288-L305" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L288-L305" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_6340171fdde68b32de480f1f410aa4c491a8fffa7c1f699bf5fa72a12ecb77b8" score = 75 quality = 75 
@@ -92733,8 +92733,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_28A60148 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L307-L324" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L307-L324" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_20a26ed3f0da3a77867597494bf0069a2093ec19b1c5e179c0e7934c1b69d4b9" score = 75 quality = 75 @@ -92761,8 +92761,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_997B25A0 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L326-L343" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L326-L343" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_ca688086c4628c64c32a99083d620bcb5373e3100d154331451a3e9f86081aca" score = 75 quality = 75 
@@ -92789,8 +92789,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_B17B33A1 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L345-L362" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L345-L362" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_7fa69674d1e985bafe310597f23ae80113136768141f0a1931baf88b2509e6ef" score = 75 quality = 75 @@ -92817,8 +92817,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_23D77Ae5 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L364-L396" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L364-L396" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "844974a2d3266e1f9ba275520c0e8a5d176df69a0ccd5135b99facf798a5d209" logic_hash = "v1_sha256_e5f5cf854ebd0e25fffbd6796217f22223a06937e1cacb33baa105ac41731256" score = 75 
@@ -92860,8 +92860,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_5574Be7D : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L398-L432" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L398-L432" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8c5c0d27153f60ef8aec57def2f88e3d5f9a7385b5e8b8177bab55fa7fac7b18" logic_hash = "v1_sha256_ed0fc98c5d628ce38b923e1410eaf7a4a65ecffea42bed35314e30c99a52219b" score = 75 @@ -92905,8 +92905,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_1473F0B4 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L434-L459" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L434-L459" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9cfb441eb5c60ab1c90b58d4878543ee554ada2cceee98d6b867e73490d30fec" logic_hash = "v1_sha256_dc13625e58c029c60b8670f8e63cd7786bf3e9705c462f3cbbf5b39e7c02f9a1" score = 75 
@@ -92941,8 +92941,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Dcf25Dde : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L461-L502" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L461-L502" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ba2a255671d33677cab8d93531eb25c0b1f1ac3e3085b95365a017463662d787" logic_hash = "v1_sha256_64d15d92faf0919a8fa1ce6772750cde47eaa24b09cf4243393777334bad9712" score = 75 @@ -92993,8 +92993,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_46Dc12Dd : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L504-L528" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L504-L528" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bf38a787aee5afdcab00b95ccdf036bc7f91f07151b4444b54165bb70d649ce5" logic_hash = "v1_sha256_e01209a83f4743cbad7dda01595c053277868bd47208e48214b557ae339b5b3c" score = 50 
@@ -93028,8 +93028,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_78A26074 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L530-L564" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L530-L564" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8cd75fa8650ebcf0a6200283e474a081cc0be57307e54909ee15f4d04621dde0" logic_hash = "v1_sha256_3837c22f7f9d55f03cb0bc1336798f0e2a91549c187b9f5136491cbafd26ce6e" score = 75 @@ -93073,8 +93073,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_217B9C97 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L566-L601" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L566-L601" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1e90a73793017720c9a020069ed1c87879174c19c3b619e5b78db8220a63e9b7" logic_hash = "v1_sha256_9b2b8a8154d4aba06029fd35d896331449f7baa961f183fb0cb47e890610ff99" score = 75 
@@ -93119,8 +93119,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_D2110921 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L603-L632" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L603-L632" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "05ef40f7745db836de735ac73d6101406e1d9e58c6b5f5322254eb75b98d236a" logic_hash = "v1_sha256_39ef17836f29c358f596e0047d582b5f1d1af523c8f6354ac8a783eda9969554" score = 75 @@ -93159,8 +93159,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_0114D469 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L634-L667" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L634-L667" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "083cb35a7064aa5589efc544ac1ed1b04ec0f89f0e60383fcb1b02b63f4117e9" logic_hash = "v1_sha256_6ca8e73f758d3fa956fe53cc83abb43806359f93df05c42a58e2f394a1a3c117" score = 75 
@@ -93203,8 +93203,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_07239Dad : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L669-L703" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L669-L703" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dbd534f2b5739f89e99782563062169289f23aa335639a9552173bedc98bb834" logic_hash = "v1_sha256_231592d1a45798de6d22c922626ca28ef4019bae95d552a0f2822823d8dec384" score = 75 @@ -93248,8 +93248,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Fd7A39Af : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L705-L739" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L705-L739" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d5bb8d94b71d475b5eb9bb4235a428563f4104ea49f11ef02c8a08d2e859fd68" logic_hash = "v1_sha256_15cb286504e6167c78e194488555f565965a03e7714fe16692a115df26985a01" score = 75 
@@ -93293,8 +93293,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_2D89E9Cd : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L741-L785" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L741-L785" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3963649ebfabe8f6277190be4300ecdb68d4b497ac5f81f38231d3e6c862a0a8" logic_hash = "v1_sha256_c15833687c2aed55aae0bb5de83c088cb66edeb4ad1964543522f5477c1f1942" score = 75 @@ -93348,8 +93348,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_32930807 : FILE MEMORY date = "2021-03-30" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L787-L808" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L787-L808" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e999b83629355ec7ff3b6fda465ef53ce6992c9327344fbf124f7eb37808389d" logic_hash = "v1_sha256_e98503696bd72cab4d0d1633991bdb87c0537fd1e2d95507ccd474125328f318" score = 75 
@@ -93380,8 +93380,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_618B27D2 : FILE MEMORY date = "2021-03-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L810-L843" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L810-L843" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d3ec8f4a46b21fb189fc3d58f3d87bf9897653ecdf90b7952dcc71f3b4023b4e" logic_hash = "v1_sha256_e66a9dd7efdbff8b9e30119d0e99187e3dfa4ca1c1bc1ade0f8f1003d10e2620" score = 75 @@ -93424,8 +93424,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_6Eb31E7B : FILE MEMORY date = "2021-03-30" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L845-L872" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L845-L872" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3e3d82ea4764b117b71119e7c2eecf46b7c2126617eafccdfc6e96e13da973b1" logic_hash = "v1_sha256_5b6902c8644c79bd183725f0e41bf2f7ae425bf0eb1dddea6fd1a38b77f176ba" score = 75 
@@ -93462,8 +93462,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_91516Cf4 : FILE MEMORY date = "2021-03-30" modified = "2021-08-31" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L874-L896" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L874-L896" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6cd0d4666553fd7184895502d48c960294307d57be722ebb2188b004fc1a8066" logic_hash = "v1_sha256_6c0bdd6827bebb337c0012cdb6e931cd96ce2ad61f3764f288b96ff049b2d007" score = 75 @@ -93495,8 +93495,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Be718Af9 : FILE MEMORY date = "2021-03-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L898-L921" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L898-L921" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c1f1bc58456cff7413d7234e348d47a8acfdc9d019ae7a4aba1afc1b3ed55ffa" logic_hash = "v1_sha256_d020f7d1637fc4ee3246e97c9acae0be1782e688154bd109f53f807211beebd7" score = 75 
@@ -93529,8 +93529,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_F8Dac4Bc : FILE MEMORY date = "2021-03-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L923-L954" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L923-L954" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "13d102d546b9384f944f2a520ba32fb5606182bed45a8bba681e4374d7e5e322" logic_hash = "v1_sha256_d4536aac0ee402abcb87826e45c892d6f39562bc1e39b72ae8880dc077f230d9" score = 75 @@ -93571,8 +93571,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_9C0Fa8Fe : FILE MEMORY date = "2021-07-13" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Trickbot.yar#L956-L974" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Trickbot.yar#L956-L974" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f528c3ea7138df7c661d88fafe56d118b6ee1d639868212378232ca09dc9bfad" logic_hash = "v1_sha256_23aebc3139c34ecd609db7920fa0d5e194173409e1862555e4c468dad6c46299" score = 75 
@@ -93600,8 +93600,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_584A227A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Cornelgen.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Cornelgen.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c823cb669f1d6cb9258d6f0b187609c226af23396f9c5be26eb479e5722a9d97" logic_hash = "v1_sha256_db3b6bbab48074449ae8b404f8fa77d93cde1ab8e57bd4ad981ac2afb8226494" score = 75 @@ -93629,8 +93629,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_Be0Bc02D : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Cornelgen.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Cornelgen.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "24c0ba8ad4f543f9b0aff0d0b66537137bc78606b47ced9b6d08039bbae78d80" logic_hash = "v1_sha256_67c4f2d875f233b52fcbc24d9225c51af4dc09c27ce3915f0d756202bd4e5867" score = 75 
@@ -93658,8 +93658,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_03Ee53D3 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Cornelgen.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Cornelgen.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "711eafd09d4e5433be142d54db153993ee55b6c53779d8ec7e76ca534b4f81a5" logic_hash = "v1_sha256_e7d9c66621ad3c56f3bb8150c17b10495053d9485b2143750aeefd3c55ab7943" score = 75 @@ -93687,8 +93687,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_8C36Ddc1 : FILE MEMORY date = "2022-12-14" modified = "2022-12-15" reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SiestaGraph.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SiestaGraph.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "50c2f1bb99d742d8ae0ad7c049362b0e62d2d219b610dcf25ba50c303ccfef54" logic_hash = "v1_sha256_17ce8090b88100f00c07df0599cd51dc7682f4c43de989ce58621df97eca42fb" score = 75 
@@ -93724,8 +93724,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_Ad3Fe5C6 : FILE MEMORY date = "2023-09-12" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SiestaGraph.yar#L30-L56" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SiestaGraph.yar#L30-L56" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb" logic_hash = "v1_sha256_b625221b77803c2c052db09c90a76666cf9e0ae34cb0d59ae303e890e646e94b" score = 75 
@@ -93760,8 +93760,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_D801Ce71 : FILE MEMORY date = "2023-09-12" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SiestaGraph.yar#L58-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SiestaGraph.yar#L58-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb" logic_hash = "v1_sha256_c2d00d64d69cb5d24d76f6c551b49aa1acef1e1bab96f7ed7facc148244a8370" score = 75 @@ -93791,8 +93791,8 @@ rule ELASTIC_Windows_Hacktool_Rubeus_43F18623 : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Rubeus.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Rubeus.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b7b4691ad1cdad7663c32d07e911a03d9cc8b104f724c2825fd4957007649235" logic_hash = "v1_sha256_8714f30e12c0dc61c83491a71dbf9f1e9b6bc66663a8f2c069e7a7841d52cf68" score = 75 
@@ -93828,8 +93828,8 @@ rule ELASTIC_Multi_Ransomware_Luna_8614D3D7 : FILE MEMORY date = "2022-08-02" modified = "2022-08-16" reference = "https://www.elastic.co/security-labs/luna-ransomware-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Ransomware_Luna.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Ransomware_Luna.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1cbbf108f44c8f4babde546d26425ca5340dccf878d306b90eb0fbec2f83ab51" logic_hash = "v1_sha256_14e40c5b1a21ba31664ed31b04bfc4a8646b3e31f96d39e0928a3d6a50d79307" score = 75 @@ -93864,8 +93864,8 @@ rule ELASTIC_Linux_Trojan_Badbee_231Cb054 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Badbee.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Badbee.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "832ba859c3030e58b94398ff663ddfe27078946a83dcfc81a5ef88351d41f4e2" logic_hash = "v1_sha256_a1ed8f2da9b4f891a5c65d943424bb7c465f0d07e7756e292c617ce5ef14d182" score = 75 
@@ -93893,8 +93893,8 @@ rule ELASTIC_Windows_Vulndriver_Marvinhw_37326842 : FILE date = "2022-07-21" modified = "2022-07-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_MarvinHW.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_MarvinHW.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5" logic_hash = "v1_sha256_f37290912ab7d997d718c074eef48a67a36444e9e97592b6be65855ade2ba246" score = 50 @@ -93925,8 +93925,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_D3F68E29 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Cryptominer_Generic.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Cryptominer_Generic.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d9c78c822dfd29a1d9b1909bf95cab2a9550903e8f5f178edeb7a5a80129fbdb" logic_hash = "v1_sha256_cc336e536e0f8dda47f9551dfabfc50c2094fffe4a69cdcec23824dd063dede0" score = 75 
@@ -93956,8 +93956,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_365Ecbb9 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Cryptominer_Generic.yar#L23-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Cryptominer_Generic.yar#L23-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e2562251058123f86c52437e82ea9ff32aae5f5227183638bc8aa2bc1b4fd9cf" logic_hash = "v1_sha256_66f16c8694c5cfde1b5e4eea03c530fa32a15022fa35acdbb676bb696e7deae2" score = 75 @@ -93985,8 +93985,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_4E7D4488 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Cryptominer_Generic.yar#L43-L61" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Cryptominer_Generic.yar#L43-L61" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e2562251058123f86c52437e82ea9ff32aae5f5227183638bc8aa2bc1b4fd9cf" logic_hash = "v1_sha256_708b21b687c8b853a9b5f8a50d31119e4f0a02a5b63f81ba1cac8c06acd19214" score = 75 
@@ -94014,8 +94014,8 @@ rule ELASTIC_Macos_Trojan_Hloader_A3945Baf : FILE MEMORY
 date = "2023-10-23"
 modified = "2023-10-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_HLoader.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_HLoader.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2360a69e5fd7217e977123c81d3dbb60bf4763a9dae6949bc1900234f7762df1"
 logic_hash = "v1_sha256_0383485b6bbcdae210a6c949f6796023b2f7ec3f1edbd2116207fc2b75a67849"
 score = 75
@@ -94045,8 +94045,8 @@ rule ELASTIC_Linux_Trojan_Banload_D5E1C189 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Banload.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Banload.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "48bf0403f777db5da9c6a7eada17ad4ddf471bd73ea6cf02817dd202b49204f4"
 logic_hash = "v1_sha256_3f0bee251152a8c835a3bf71dc33c2e150705713c50ca2cfdbeb69361ed91a09"
 score = 75
@@ -94074,8 +94074,8 @@ rule ELASTIC_Linux_Exploit_Foda_F41E9Ef9 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Foda.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Foda.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6059a6dd039b5efa36ce97acbb01406128aaf6062429474e422624ee69783ca8"
 logic_hash = "v1_sha256_7b15fef304b91601a76c6fcf48a892105d6eedf5a3e2395ab7c2937a84709d9f"
 score = 75
@@ -94103,8 +94103,8 @@ rule ELASTIC_Linux_Ransomware_Noescape_6De58E0C : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_NoEscape.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_NoEscape.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "46f1a4c77896f38a387f785b2af535f8c29d40a105b63a259d295cb14d36a561"
 logic_hash = "v1_sha256_c275d0cfdadcaabe57c432956e96b4bb344d947899fa5ad55b872e02b4d44274"
 score = 75
@@ -94134,8 +94134,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_83715433 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3648a407224634d76e82eceec84250a7506720a7f43a6ccf5873f478408fedba"
 logic_hash = "v1_sha256_7a7328322c2c1e128e267e92de0964e78ad9f49b7de8ec69d7f0632c69723a7d"
 score = 75
@@ -94163,8 +94163,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_28A2Fe0C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_04bbc6c40cdd71b4185222a822d18b96ec8427006221f213a1c9e4d9c689ce5c"
 score = 75
 quality = 73
@@ -94191,8 +94191,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Eb96Cc26 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "440318179ba2419cfa34ea199b49ee6bdecd076883d26329bbca6dca9d39c500"
 logic_hash = "v1_sha256_3d8740a6cca4856a73ea745877a3eb39cbf3ad4ca612daabd197f551116efa04"
 score = 75
@@ -94220,8 +94220,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_5008Aee6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b32cd71fcfda0a2fcddad49d8c5ba8d4d68867b2ff2cb3b49d1a0e358346620c"
 logic_hash = "v1_sha256_538bae17dcf0298e379f656e1dba794b75af6c7448a23253a51994bde9d30524"
 score = 75
@@ -94249,8 +94249,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6321B565 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "cd48addd392e7912ab15a5464c710055f696990fab564f29f13121e7a5e93730"
 logic_hash = "v1_sha256_ad5c73ab68059101acf2fd8cfb3d676fd1ff58811e1c4b9008c291361ee951b8"
 score = 75
@@ -94278,8 +94278,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A6A2Adb9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L100-L118"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L100-L118"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
 logic_hash = "v1_sha256_8f5fc4cb1ad51178701509a44a793e119fe7e7fad97eafcac8be14fce64e3b7b"
 score = 75
@@ -94307,8 +94307,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_C573932B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L120-L138"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L120-L138"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68"
 logic_hash = "v1_sha256_174a3fcebc1e17cc35ddc11fde1798164b5783fc51fdf16581a9690c3b4d6549"
 score = 75
@@ -94336,8 +94336,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A10161Ce : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L140-L157"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L140-L157"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_12ba13a746300d1ab1d0386b86ec224eebf4e6d0b3688495c2fee6a7eccc361d"
 score = 75
 quality = 75
@@ -94364,8 +94364,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ae01D978 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L159-L176"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L159-L176"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_c6c22b11dc1f0d4996e5da92c6edf58b7d21d7be40da87ddd39ed0e2d4c84072"
 score = 75
 quality = 75
@@ -94392,8 +94392,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9E9530A7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L178-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L178-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961"
 logic_hash = "v1_sha256_6a5a80e58c86a80f8954e678a2cc26b258d7d7c50047a3e71f3580f1780e3454"
 score = 75
@@ -94421,8 +94421,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_5Bf62Ce4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L198-L216"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L198-L216"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68"
 logic_hash = "v1_sha256_848e0c796584cfa21afc182da5f417f5467ae84c74f52cabc13e0f5de4990232"
 score = 75
@@ -94450,8 +94450,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F3D83A74 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L218-L236"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L218-L236"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
 logic_hash = "v1_sha256_2db46180e66c9268a97d63cd1c4eb8439e6882b4e3277bc4848e940e4d25482f"
 score = 75
@@ -94479,8 +94479,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_807911A2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L238-L255"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L238-L255"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_66b15304d5ed22daea666bd0e2b18726b8a058361ff8d69b974bfded933a4d8c"
 score = 75
 quality = 75
@@ -94507,8 +94507,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9C18716C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L257-L274"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L257-L274"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_0e70dc82b2049a6f5efcc501e18e6f87e04a2d50efcb5143240c68c4a924de52"
 score = 75
 quality = 75
@@ -94535,8 +94535,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fbed4652 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L276-L294"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L276-L294"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2ea21358205612f5dc0d5f417c498b236c070509531621650b8c215c98c49467"
 logic_hash = "v1_sha256_fc1f501123ab7421034e183186b077f65838b475f883d4ff04e8fc8a283424ef"
 score = 75
@@ -94564,8 +94564,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_94A44Aa5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L296-L314"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L296-L314"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a7694202f9c32a9d73a571a30a9e4a431d5dfd7032a500084756ba9a48055dba"
 logic_hash = "v1_sha256_deb46c2960dc4868b7bac1255d8753895950bc066dec03674a714860ff72ef2c"
 score = 60
@@ -94593,8 +94593,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E0673A90 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L316-L334"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L316-L334"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6"
 logic_hash = "v1_sha256_149147eedd66f9ca2dad9cb69f37abc849d44331ec1b5d2917ab3867ced0b274"
 score = 75
@@ -94622,8 +94622,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_821173Df : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L336-L354"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L336-L354"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "de7d1aff222c7d474e1a42b2368885ef16317e8da1ca3a63009bf06376026163"
 logic_hash = "v1_sha256_1c6c7666983c43176aa1a9628fb4352f8f11729e02dda13669ca2e62aed5f4ee"
 score = 75
@@ -94651,8 +94651,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_31796A40 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L356-L374"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L356-L374"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "227c7f13f7bdadf6a14cc85e8d2106b9d69ab80abe6fc0056af5edef3621d4fb"
 logic_hash = "v1_sha256_0e0e901d12edd77e77a205f8547f891f483fc8676493e9b7a324e970225af3c9"
 score = 75
@@ -94680,8 +94680,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_750Fe002 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L376-L394"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L376-L394"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68"
 logic_hash = "v1_sha256_eb9907d8a63822c2e3ab57d43dca8ede7876610f029e2f9c10c9eeace9ea0078"
 score = 75
@@ -94709,8 +94709,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6122Acdf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L396-L413"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L396-L413"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_140b32a8f2b7493b068e63a05b3d9baec6ec14c9f2062c7e760dde96335e29f1"
 score = 75
 quality = 75
@@ -94737,8 +94737,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A0A4De11 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L415-L433"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L415-L433"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417"
 logic_hash = "v1_sha256_220c6ba82b906f070123b3bae9aafa72c0fb3bc8d5858a4f4bd65567076eb73d"
 score = 75
@@ -94766,8 +94766,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A473Dcb6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L435-L453"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L435-L453"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "7ba74e3cb0d633de0e8dbe6cfc49d4fc77dd0c02a5f1867cc4a1f1d575def97d"
 logic_hash = "v1_sha256_106ee9cd9c368674ae08b835f54dbb6918b553e3097aae9b0de88f55420f046b"
 score = 75
@@ -94795,8 +94795,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_30444846 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L455-L473"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L455-L473"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c84b81d79d437bb9b8a6bad3646aef646f2a8e1f1554501139648d2f9de561da"
 logic_hash = "v1_sha256_26bc95efb2ea69fece52cf3ab38ce35891c77fc0dac3e26e5580ba3a88e112e9"
 score = 75
@@ -94824,8 +94824,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ea92Cca8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L475-L492"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L475-L492"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_5a9598b3fd37b15444063403a481df1a43894ddcbbd343961e1c770cb74180c9"
 score = 75
 quality = 73
@@ -94852,8 +94852,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D4227Dbf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L494-L512"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L494-L512"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961"
 logic_hash = "v1_sha256_7953b8d08834315a6ca2c0c8ac1ec7b74a6ffcb71cec4fc053c24e1b59232c0c"
 score = 75
@@ -94881,8 +94881,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_09C3070E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L514-L532"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L514-L532"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
 logic_hash = "v1_sha256_f8f8e8883cf1e51fbaef81b8334ac5fa45a54682d285282da62c80e4aa50a48d"
 score = 75
@@ -94910,8 +94910,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fa19B8Fc : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L534-L552"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L534-L552"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a7cfc16ec33ec633cbdcbff3c4cefeed84d7cbe9ca1f4e2a3b3e43d39291cd6b"
 logic_hash = "v1_sha256_cddf3b9948b9bc685ff7d4c00377d0f80861169707777022297e549bd166dbf0"
 score = 75
@@ -94939,8 +94939,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Eaa9A668 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L554-L572"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L554-L572"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62"
 logic_hash = "v1_sha256_05e9047342a9d081a09f8514f0ec32d72bc43a286035014ada90b0243f92cfa8"
 score = 75
@@ -94968,8 +94968,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_46Eec778 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L574-L592"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L574-L592"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1"
 logic_hash = "v1_sha256_08e77a31005e14a06197857301e22d20334c1f2ef7fc06a4208643438377f4c4"
 score = 75
@@ -94997,8 +94997,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F51C5Ac3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L594-L612"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L594-L612"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d"
 logic_hash = "v1_sha256_e82b5ddb760d5bdcd146e1de12ec34c4764e668543420765146e22dee6f5732b"
 score = 75
@@ -95026,8 +95026,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_71E487Ea : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L614-L632"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L614-L632"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b8d044f2de21d20c7e4b43a2baf5d8cdb97fba95c3b99816848c0f214515295b"
 logic_hash = "v1_sha256_3de9e0e3334e9e6e5906886f95ff8ce3596f85772dc25021fb0ee148281cf81c"
 score = 75
@@ -95055,8 +95055,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6620Ec67 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L634-L652" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L634-L652" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b91eb196605c155c98f824abf8afe122f113d1fed254074117652f93d0c9d6b2" logic_hash = "v1_sha256_2df2c8cdc2cb545f916159d44a800708b55a2993cd54a4dcf920a6a8dc6361e7" score = 75 @@ -95084,8 +95084,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D996D335 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L654-L672" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L654-L672" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda" logic_hash = "v1_sha256_212c75ab61eac8b3ed2049966628dfc81ae5a620b4a4b38aaa0696d594910dea" score = 75 
@@ -95113,8 +95113,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D0C57A2E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L674-L691" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L674-L691" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_2ac51f0943d573fdc9a39837aeefd9158c27a4b3f35fbbb0a058a88392a53c14" score = 75 quality = 75 @@ -95141,8 +95141,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_751Acb94 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L693-L710" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L693-L710" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_1963351d209168f4ae2268d245cfd5320e4442d00746d021088ffae98e5da454" score = 75 quality = 75 
@@ -95169,8 +95169,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_656Bf077 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L712-L730" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L712-L730" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6" logic_hash = "v1_sha256_0c9728304e720eb2cd00afad8d16f309514473dece48fa94af6a72ca41705a36" score = 75 @@ -95198,8 +95198,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E6D75E6F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L732-L750" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L732-L750" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "48b15093f33c18778724c48c34199a420be4beb0d794e36034097806e1521eb8" logic_hash = "v1_sha256_339dd33a3313a4a94d2515cd4c2100ac6b9d5e0029881494c28dc3e7c8a05798" score = 75 
@@ -95227,8 +95227,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_7167D08F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L752-L770" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L752-L770" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68" logic_hash = "v1_sha256_88c07bf06801192f38ef66229a0aa5c1ef6242caeb080ce1c7cd13ad0d540c82" score = 75 @@ -95256,8 +95256,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_27De1106 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L772-L790" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L772-L790" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d" logic_hash = "v1_sha256_4e266e1ae31d7d86866b112a04ca38c0a8185c18ebb10ac6497bbaa69f51b2fd" score = 75 
@@ -95285,8 +95285,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_148B91A2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L792-L810" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L792-L810" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825" logic_hash = "v1_sha256_1a974c0882c2d088c978a52e5b535807c86f117cf2f05c40c084e849b1849f5b" score = 75 @@ -95314,8 +95314,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_20F5E74F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L812-L830" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L812-L830" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9084b00f9bb71524987dc000fb2bc6f38e722e2be2832589ca4bb1671e852f5b" logic_hash = "v1_sha256_067f1c15961c1ddceecb490b338db9f5b8501d89b38e870edfa628d21527dc1c" score = 75 
@@ -95343,8 +95343,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_1B2E2A3A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L832-L850" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L832-L850" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d" logic_hash = "v1_sha256_6f40f868d20f0125721eb2a7934b356d69b695d4a558155a2ddcd0107d3f8c30" score = 75 @@ -95372,8 +95372,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_620087B9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L852-L870" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L852-L870" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961" logic_hash = "v1_sha256_411451ea326498a25af8be5cd43fe0b98973af354706268c89828b88ece5e497" score = 75 
@@ -95401,8 +95401,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Dd0D6173 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L872-L890" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L872-L890" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6" logic_hash = "v1_sha256_7061edef1981e2b93bcdd8be47c0f6067acc140a543eed748bf0513f182e0a59" score = 75 @@ -95430,8 +95430,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_779E142F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L892-L910" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L892-L910" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "v1_sha256_80ba5a1cf333fafc6a1d7823ca4a8d5c30c1c07a01d6d681c22dd29e197089f1" score = 75 
@@ -95459,8 +95459,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Cf84C9F2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L912-L930" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L912-L930" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "v1_sha256_9af164ece7e7e0f33dc32f18735a8f655593ae6cde34e05108f3221b71aa8676" score = 75 @@ -95488,8 +95488,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0Cd591Cd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L932-L949" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L932-L949" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_4300bdd173dfb33ca34c0f2fe4fa6ee071e99d5db201262e914721aad0ad433b" score = 75 quality = 75 
@@ -95516,8 +95516,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_859042A0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L951-L969" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L951-L969" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0" logic_hash = "v1_sha256_b8daa4a136a6511472703687fe56fbca2bd005a1373802a46c8d211b6d039d75" score = 75 @@ -95545,8 +95545,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_33B4111A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L971-L989" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L971-L989" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961" logic_hash = "v1_sha256_a08c0f7be26e2e9abfaa392712895bb3ce1d12583da4060ebe41e1a9c1491b7c" score = 75 
@@ -95574,8 +95574,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_4F43B164 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L991-L1009" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L991-L1009" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f0fdb3de75f85e199766bbb39722865cac578cde754afa2d2f065ef028eec788" logic_hash = "v1_sha256_79a17e70e9b7af6e53f62211c33355a4c46a82e7c4e80c20ffe9684e24155808" score = 75 @@ -95603,8 +95603,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E4A1982B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1011-L1028" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1011-L1028" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_4cd7aa205b3571cffca208e315d6311fa92a5993e2a8e40d342d6184811f42f0" score = 75 quality = 75 
@@ -95631,8 +95631,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_862C4E0E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1030-L1048" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1030-L1048" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1" logic_hash = "v1_sha256_a1dce44e76f9d2a517c4849c58dfecb07e1ef0d78fddff10af601184d636583f" score = 75 @@ -95660,8 +95660,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9127F7Be : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1050-L1068" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1050-L1068" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d" logic_hash = "v1_sha256_2b1fa115598561e081dfb9b5f24f6728b0d52cb81ac7933728d81646f461bcae" score = 75 
@@ -95689,8 +95689,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0E03B7D3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1070-L1087" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1070-L1087" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_845be03fac893f8e914aabda5206000dc07947ade0b8f46cc5d58d8458f035f6" score = 75 quality = 75 @@ -95717,8 +95717,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_32Eb0C81 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1089-L1107" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1089-L1107" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "v1_sha256_a06d9e1190ba79b0e19cab7468f01a49359629a6feb27b7d72f3d1d52d1483d7" score = 75 
@@ -95746,8 +95746,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9Abf7E0C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1109-L1126" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1109-L1126" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_00276330e388d07368577c4134343cb9fc11957dba6cff5523331199f1ed04aa" score = 75 quality = 75 @@ -95774,8 +95774,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_33801844 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1128-L1146" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1128-L1146" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2ceff60e88c30c02c1c7b12a224aba1895669aad7316a40b575579275b3edbb3" logic_hash = "v1_sha256_20b8ebce14776e48310be099afd0dca0f28778d0024318b339b75e2689f70128" score = 75 
@@ -95803,8 +95803,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A33A8363 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1148-L1165" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1148-L1165" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_3fe17dc43f07dacdad6ababf141983854b977e244c0af824fea0ab953ad70fee" score = 75 quality = 75 @@ -95831,8 +95831,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9A62845F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1167-L1185" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1167-L1185" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f67f8566beab9d7494350923aceb0e76cd28173bdf2c4256e9d45eff7fc8cb41" logic_hash = "v1_sha256_b3ab125c8bfb5b7a0be0e92cf5a50057e403ab3597698ec2e7a8bafa0d3a8b80" score = 75 
@@ -95860,8 +95860,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_4D81Ad42 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1187-L1205" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1187-L1205" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3021a861e6f03df3e7e3919e6255bdae6e48163b9a8ba4f1a5c5dced3e3e368b" logic_hash = "v1_sha256_57b54eed37690949ba2d4eff713691f16f00207d7b374beb7dfa2e368588dbb0" score = 75 @@ -95889,8 +95889,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6A510422 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1207-L1225" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1207-L1225" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_4384536817bf5df223d4cf145892b7714f2dbd1748930b6cd43152d4e35c9e56" score = 75 quality = 75 
@@ -95917,8 +95917,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D2953F92 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1227-L1245" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1227-L1245" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_d0af462d26f6ffe469c57d63f1f7d551e3fb9cc39c7e4c35b3e71f659c01c076" score = 75 quality = 75 @@ -95945,8 +95945,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6Ae4B580 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1247-L1265" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1247-L1265" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_eb0fe44df1c995c5d4e3a361c3e466f78cb70bffbc76d1b7b345ee651b313b9e" score = 75 quality = 75 
@@ -95973,8 +95973,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D608Cf3B : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1267-L1285" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1267-L1285" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_ad5b7d32c85adc7f778a8f4815e595b90a6f15dec048bcf97c6ab179582eb4f7" score = 75 quality = 75 @@ -96001,8 +96001,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_3F8Cf56E : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1878f0783085cc6beb2b81cfda304ec983374264ce54b6b98a51c09aea9f750d" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1287-L1305" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1287-L1305" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_b2cf8b1913a88e6a6346f0ac8cd2e7c33b41d44bf60ff7327ae40a2d54748bd9" score = 75 quality = 75 
@@ -96029,8 +96029,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fb14E81F : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1307-L1325" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1307-L1325" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_2efb958c269640c374485502611372f4404cf35d7ab704d20ce37b8c1f69645d" score = 75 quality = 75 @@ -96057,8 +96057,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E09726Dc : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "1e64187b5e3b5fe71d34ea555ff31961404adad83f8e0bd1ce0aad056a878d73" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1327-L1345" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1327-L1345" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_ebd00e593a7fcd46e36fd0ca213e1f82c0f4a94448b6fd605d35cea45a490493" score = 75 quality = 75 
@@ -96085,8 +96085,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ad12B9B6 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "f0411131acfddb40ac8069164ce2808e9c8928709898d3fb5dc88036003fe9c8" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1347-L1365" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1347-L1365" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_72a85d14eb8ab78364ea2e8b89d9409c0046b14602f4a3415d829f4985fb2de3" score = 75 quality = 75 @@ -96113,8 +96113,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0535Ebf7 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1367-L1385" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1367-L1385" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "77e18bb5479b644ba01d074057c9e2bd532717f6ab3bb88ad2b7497b85d2a5de" logic_hash = "v1_sha256_eb574468e9d371def0da74e6aba827272181399a84388a14ffb167ec6ebd40d1" score = 75 
@@ -96142,8 +96142,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_32A7Edd2 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1387-L1405" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1387-L1405" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf" logic_hash = "v1_sha256_af26549c1cad0975735e2c233bc71e5e1b0e283d02552fdaea02656332ecd854" score = 75 @@ -96171,8 +96171,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D7F35B54 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1407-L1425" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1407-L1425" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf" logic_hash = "v1_sha256_d827e21c09b8dce65db293aa57b39f49f034537bb708471989ad64e653c479be" score = 75 
@@ -96200,8 +96200,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F11E98Be : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1427-L1445" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1427-L1445" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf" logic_hash = "v1_sha256_9b9122f0897610dff6b37446b3cecbfcec3dce8dc7e1934e78cc32d5f6ac9648" score = 75 @@ -96229,8 +96229,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_8D4E4F4A : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Gafgyt.yar#L1447-L1465" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Gafgyt.yar#L1447-L1465" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf" logic_hash = "v1_sha256_11ee101a936f8e6949701e840ef48a0fe102099ea3b71c790b9a5128e5c59029" score = 75 
@@ -96258,8 +96258,8 @@ rule ELASTIC_Linux_Exploit_Iouring_D04C1C19 : FILE MEMORY date = "2024-04-07" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_IOUring.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_IOUring.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "29e6a5f7b36e271219601528f3fd70831aacb8b9f05722779faa40afc97b3b60" logic_hash = "v1_sha256_b1d8d6090576b4b5bcd435eb69ee1dc1f1947115d38b62364cf1730a4f08d317" score = 75 @@ -96289,8 +96289,8 @@ rule ELASTIC_Multi_Trojan_Mythic_4Beb7E17 : FILE MEMORY date = "2023-08-01" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Trojan_Mythic.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Trojan_Mythic.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_7b3b7bae1763f3c73df206f97065920fa55b973d22c967acb3d26ac8e89e60c7" score = 75 quality = 75 
@@ -96327,8 +96327,8 @@ rule ELASTIC_Multi_Trojan_Mythic_E0Ea7Ef9 : FILE MEMORY date = "2024-05-23" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Trojan_Mythic.yar#L30-L61" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Trojan_Mythic.yar#L30-L61" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e091d63c8e8b0a32a3d25cffdf02419fdbec714f31e4061bafd80b1971831c5f" logic_hash = "v1_sha256_237307d85fe7886eb2cf351a9f7872e3e5551f05535f0b6a966a960d204aee90" score = 75 @@ -96369,8 +96369,8 @@ rule ELASTIC_Multi_Trojan_Mythic_528324B4 : FILE MEMORY date = "2024-05-23" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Trojan_Mythic.yar#L63-L89" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Trojan_Mythic.yar#L63-L89" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2cd883eab722a5eacbca7fa82e0eebb5f6c30cffa955abcb1ab8cf169af97202" logic_hash = "v1_sha256_8c85d086b30030a24fba9f519aed3fdf3c821932d71ceaecfe354fe07cd1d631" score = 75 
@@ -96406,8 +96406,8 @@ rule ELASTIC_Windows_Trojan_Hazelcobra_6A9Fe48A : FILE MEMORY date = "2023-11-01" modified = "2023-11-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_HazelCobra.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_HazelCobra.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b5acf14cdac40be590318dee95425d0746e85b1b7b1cbd14da66f21f2522bf4d" logic_hash = "v1_sha256_dc4d561497c2e3da270d305ceaf3194b48d64c0d8e212ee6f03a2d89c8e006e8" score = 75 @@ -96438,8 +96438,8 @@ rule ELASTIC_Windows_Vulndriver_ATSZIO_E22Cc429 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_ATSZIO.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_ATSZIO.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece" logic_hash = "v1_sha256_e3f057d5a5c47a1f3b4d50e2ad0ebb3a4ffe0efe513a0d375f827fadb3328d80" score = 75 
@@ -96468,8 +96468,8 @@ rule ELASTIC_Linux_Ransomware_Quantum_8513Fb8B : FILE MEMORY date = "2023-07-28" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Quantum.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Quantum.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3bcb9ad92fdca53195f390fc4d8d721b504b38deeda25c1189a909a7011406c9" logic_hash = "v1_sha256_7e24be541bafc2427ecd8f76b7774fb65d7421bc300503eeb068b8104e168c70" score = 75 @@ -96498,8 +96498,8 @@ rule ELASTIC_Windows_Trojan_Bitsloth_05Fc3A0A : FILE MEMORY date = "2024-07-16" modified = "2024-07-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BITSloth.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BITSloth.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0944b17a4330e1c97600f62717d6bae7e4a4260604043f2390a14c8d76ef1507" logic_hash = "v1_sha256_8210dc28cf408f7f836aad3c32868ea21dd0862070c2c37d98b089a80be9285e" score = 75 
@@ -96535,8 +96535,8 @@ rule ELASTIC_Windows_Hacktool_Physmem_Cc0978Df : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_PhysMem.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_PhysMem.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c299063e3eae8ddc15839767e83b9808fd43418dc5a1af7e4f44b97ba53fbd3d" logic_hash = "v1_sha256_e2fabf5889dbdc98dc6942be4fb0de4351d64a06bab945993b2a2c4afe89984e" score = 75 @@ -96565,8 +96565,8 @@ rule ELASTIC_Windows_Hacktool_Physmem_B3Fa382B : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_PhysMem.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_PhysMem.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "88df37ede18bea511f1782c1a6c4915690b29591cf2c1bf5f52201fbbb4fa2b9" logic_hash = "v1_sha256_36a60b78de15a52721ad4830b37daffc33d7689e8b180fe148876da00562273a" score = 75 
@@ -96594,8 +96594,8 @@ rule ELASTIC_Linux_Trojan_Asacub_D3C4Aa41 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Asacub.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Asacub.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "15044273a506f825859e287689a57c6249b01bb0a848f113c946056163b7e5f1" logic_hash = "v1_sha256_3645e10e5ef8c50e5e82d749da07f5669c5162cb95aa5958ce45a414b870f619" score = 75 @@ -96623,8 +96623,8 @@ rule ELASTIC_Windows_Trojan_Darkvnc_Bd803C2E : FILE MEMORY date = "2023-01-23" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DarkVNC.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DarkVNC.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0fcc1b02fdaf211c772bd4fa1abcdeb5338d95911c226a9250200ff7f8e45601" logic_hash = "v1_sha256_d9e8a42a424d6a186939682e1cd2ed794c8a3765824188e863b1b2829650e2d5" score = 75 
@@ -96656,8 +96656,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_E8243Dae : FILE date = "2022-04-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_NetFilter.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_NetFilter.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "760be95d4c04b10df89a78414facf91c0961020e80561eee6e2cb94b43b76510" logic_hash = "v1_sha256_c551bd87e73f980d8836b13449490de5e639d768b72d9006d90969f3140b28e2" score = 75 @@ -96685,8 +96685,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_Dd576D28 : FILE date = "2022-04-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_NetFilter.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_NetFilter.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "88cfe6d7c81d0064045c4198d6ec7d3c50dc3ec8e36e053456ed1b50fc8c23bf" logic_hash = "v1_sha256_7635ed94ca77c7705df4d2a9c5546ece86bf831b5bf5355943419174e0387b86" score = 75 
@@ -96714,8 +96714,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_B4F2A520 : FILE date = "2022-04-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_NetFilter.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_NetFilter.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5d0d5373c5e52c4405f4bd963413e6ef3490b7c4c919ec2d4e3fb92e91f397a0" logic_hash = "v1_sha256_520d2194593f1622a3b905fe182a0773447a4eee3472e7701cce977f5bf4fbae" score = 75 @@ -96743,8 +96743,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_1Cae6E26 : FILE date = "2022-04-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_NetFilter.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_NetFilter.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e2ec3b2a93c473d88bfdf2deb1969d15ab61737acc1ee8e08234bc5513ee87ea" logic_hash = "v1_sha256_29c0edc03934e6e7275c3870a8808e03ec85dacb1f54e10efca3123d2257db98" score = 75 
@@ -96772,8 +96772,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_25D3C5Ba : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Ryuk.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Ryuk.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_4d461ff9b87e3a17637cef89ff8a85ef22f69695d4664f6fe8f271a6a5f7b4bc" score = 75 quality = 75 @@ -96801,8 +96801,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_878Bae7E : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Ryuk.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Ryuk.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_94bed2220aeb41ae8069cee56cc5299b9fc56797d3b54085b8246a03d9e8bd93" score = 75 quality = 75 
@@ -96831,8 +96831,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_6C726744 : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Ryuk.yar#L44-L67" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Ryuk.yar#L44-L67" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_ee7586d5cbef23d1863a4dfcc5da9b97397c993268881922c681022bf4f293f0" score = 75 quality = 75 @@ -96864,8 +96864,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_1A4Ad952 : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Ryuk.yar#L69-L88" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Ryuk.yar#L69-L88" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_bb854f5760f41e2c103c99d8f128a2546926a614dff8753eaa1287ac583e213a" score = 75 quality = 75 
@@ -96893,8 +96893,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_72B5Fd9D : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Ryuk.yar#L90-L109" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Ryuk.yar#L90-L109" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_b2abc8f70df5d730ce6a7d0bc125bb623f27b292e7d575914368a8bfc0fb5837" score = 75 quality = 75 @@ -96922,8 +96922,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_8Ba51798 : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Ryuk.yar#L111-L137" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Ryuk.yar#L111-L137" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_0733ae6a7e38bc2a25aa76a816284482d3ee25626559ec5af554b5f5070e534a" score = 75 quality = 75 
@@ -96958,8 +96958,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_88Daaf8E : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Ryuk.yar#L139-L158" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Ryuk.yar#L139-L158" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_6fc463976c0fb9c3e4f25d854545d07800c63730826f3974298f0077d272cff0" score = 75 quality = 75 @@ -96987,8 +96987,8 @@ rule ELASTIC_Multi_Hacktool_Stowaway_89F1D452 : FILE MEMORY date = "2024-06-28" modified = "2024-07-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Hacktool_Stowaway.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Hacktool_Stowaway.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c073d3be469c8eea0f007bb37c722bad30e06dc994d3a59773838ed8be154c95" logic_hash = "v1_sha256_c5db1335fea606ec32f7a6540ee4dee637dd2ad5aee27e092b89fa03ad085690" score = 75 
@@ -97024,8 +97024,8 @@ rule ELASTIC_Windows_Trojan_Bandook_38497690 : FILE MEMORY date = "2022-08-10" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Bandook.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Bandook.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4d079586a51168aac708a9ab7d11a5a49dfe7a16d9ced852fbbc5884020c0c97" logic_hash = "v1_sha256_199614993f63636764808313f25199348afdf4d537c8dca06f673559e34636b8" score = 75 @@ -97058,8 +97058,8 @@ rule ELASTIC_Windows_Ransomware_Lockfile_74185716 : FILE MEMORY date = "2021-08-31" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Lockfile.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Lockfile.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bf315c9c064b887ee3276e1342d43637d8c0e067260946db45942f39b970d7ce" logic_hash = "v1_sha256_e922c2fc9dd52dd0238847a9d48691bea90d028cf680fc3a1a0dbdfef1d8dce3" score = 75 
@@ -97090,8 +97090,8 @@ rule ELASTIC_Linux_Ransomware_Lockbit_D248E80E : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Lockbit.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Lockbit.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4800a67ceff340d2ab4f79406a01f58e5a97d589b29b35394b2a82a299b19745" logic_hash = "v1_sha256_5d33d243cd7f9d9189139eb34a4dd8d81882be200223d5c8e60dfd07ca98f94b" score = 75 @@ -97124,8 +97124,8 @@ rule ELASTIC_Linux_Ransomware_Lockbit_5B30A04B : FILE MEMORY date = "2023-07-29" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Lockbit.yar#L26-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Lockbit.yar#L26-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "41cbb7d79388eaa4d6e704bd4a8bf8f34d486d27277001c343ea3ce112f4fb0d" logic_hash = "v1_sha256_b89d0f25f08ffa35e075def6a29cf52a80500c6499732146426a71c741059a3b" score = 75 
@@ -97155,8 +97155,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_445Bb666 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Amcleaner.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Amcleaner.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c85bf71310882bc0c0cf9b74c9931fd19edad97600bc86ca51cf94ed85a78052" logic_hash = "v1_sha256_664829ff761186ec8f3055531b5490b7516756b0aa9d0183d4c17240a5ca44c4" score = 75 @@ -97184,8 +97184,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_A91D3907 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Amcleaner.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Amcleaner.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dc9c700f3f6a03ecb6e3f2801d4269599c32abce7bc5e6a1b7e6a64b0e025f58" logic_hash = "v1_sha256_e61ceea117acf444a6b137b93d7c335c6eb8a7e13a567177ec4ea44bf64fd5c6" score = 75 
@@ -97213,8 +97213,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_8Ce3Fea8 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Amcleaner.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Amcleaner.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c85bf71310882bc0c0cf9b74c9931fd19edad97600bc86ca51cf94ed85a78052" logic_hash = "v1_sha256_08c4b5b4afefbf1ee207525f9b28bc7eed7b55cb07f8576fddfa0bbe95002769" score = 75 @@ -97242,8 +97242,8 @@ rule ELASTIC_Windows_Ransomware_Nightsky_A7F19411 : FILE MEMORY date = "2022-01-11" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Nightsky.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Nightsky.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1fca1cd04992e0fcaa714d9dfa97323d81d7e3d43a024ec37d1c7a2767a17577" logic_hash = "v1_sha256_defc7ab43035c663302edfda60a4b57cb301b3d61662afe3ce1de2ac93cfc3e2" score = 75 
@@ -97274,8 +97274,8 @@ rule ELASTIC_Windows_Ransomware_Nightsky_253C4D0D : FILE MEMORY date = "2022-03-14" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Nightsky.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Nightsky.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2c940a35025dd3847f7c954a282f65e9c2312d2ada28686f9d1dc73d1c500224" logic_hash = "v1_sha256_ba9e6dab664e464e0fdc65bd8bdccc661846d85e7fd8fbf089e72e9e5b71fb17" score = 75 @@ -97303,8 +97303,8 @@ rule ELASTIC_Linux_Exploit_Race_758A0884 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Race.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Race.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a4966baaa34b05cb782071ef114a53cac164e6dece275c862fe96a2cff4a6f06" logic_hash = "v1_sha256_ccba0e2ddefd53939cda6b4985def2d487ac5916cbad7374ac3143f02b9f7ff5" score = 75 
@@ -97332,8 +97332,8 @@ rule ELASTIC_Multi_Ransomware_Akira_21842Eb3 : FILE MEMORY date = "2024-11-21" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Ransomware_Akira.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Ransomware_Akira.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3298d203c2acb68c474e5fdad8379181890b4403d6491c523c13730129be3f75" logic_hash = "v1_sha256_1c50f4da476cef9f9818f8c0117621eae232be0245ad244babe51d493f0a5a48" score = 75 @@ -97361,8 +97361,8 @@ rule ELASTIC_Linux_Rootkit_Snapekit_01205A75 : FILE MEMORY date = "2024-11-13" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Snapekit.yar#L1-L56" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Snapekit.yar#L1-L56" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "58d1e56fff04affb4c8cbb5fc3ea848e88d1f05c07e6f730e1cf17100ef1b666" logic_hash = "v1_sha256_ba9b40481afb29a6db33fe61fe23b9f3895744da6737167788018396987bb533" score = 75 
@@ -97427,8 +97427,8 @@ rule ELASTIC_Windows_Hacktool_Iox_98Cd1Cd8 : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Iox.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Iox.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d4544a521d4e6eb07336816b1aae54f92c5c4fd2eb31dcfbdf26e4ef890e73db" logic_hash = "v1_sha256_d7f9e4f399410d54416e974fbd66b2caa27359ae0f2e33e01d62f1aa618daa34" score = 75 @@ -97459,8 +97459,8 @@ rule ELASTIC_Linux_Cryptominer_Xpaj_Fdbd614E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Xpaj.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Xpaj.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3e2b1b36981713217301dd02db33fb01458b3ff47f28dfdc795d8d1d332f13ea" logic_hash = "v1_sha256_70e6450f98411750361481aaad0d3ea079f58b1ae09970f04da09c20137a50fa" score = 75 
@@ -97488,8 +97488,8 @@ rule ELASTIC_Windows_Trojan_Sysjoker_1Ef19A12 : FILE MEMORY date = "2022-02-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SysJoker.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SysJoker.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "61df74731fbe1eafb2eb987f20e5226962eeceef010164e41ea6c4494a4010fc" logic_hash = "v1_sha256_25bd58d546549d208f9f95f4c27d1e58f86f87750dae1e293544cc92b25f8b32" score = 75 @@ -97520,8 +97520,8 @@ rule ELASTIC_Windows_Trojan_Sysjoker_34559Bcd : FILE MEMORY date = "2022-02-21" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SysJoker.yar#L24-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SysJoker.yar#L24-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1ffd6559d21470c40dcf9236da51e5823d7ad58c93502279871c3fe7718c901c" logic_hash = "v1_sha256_ebe7f6037f14e37b6efe81614c06c6d26fe0cc17d0475b8b19715f80d0d9aad3" score = 75 
@@ -97555,8 +97555,8 @@ rule ELASTIC_Linux_Ransomware_Esxiargs_75A8Ec04 : FILE MEMORY date = "2023-02-09" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Esxiargs.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Esxiargs.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "11b1b2375d9d840912cfd1f0d0d04d93ed0cddb0ae4ddb550a5b62cd044d6b66" logic_hash = "v1_sha256_7316cab75c1bcf41ae6c96afa41ef96c37ab1bb679f36a0cc1dd08002a357165" score = 75 @@ -97588,8 +97588,8 @@ rule ELASTIC_Windows_Trojan_Avemaria_31D2Bce9 : FILE MEMORY date = "2021-05-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_AveMaria.yar#L1-L31" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_AveMaria.yar#L1-L31" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b" logic_hash = "v1_sha256_7ba59c3be07e35b415719b60b14a0f629619e5729c20f50f00dbea0c2f8bd026" score = 75 
@@ -97629,8 +97629,8 @@ rule ELASTIC_Linux_Exploit_Moogrey_81131B66 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Moogrey.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Moogrey.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cc27b9755bd9feb1fb2c510f66e36c20a1503e6769cdaeee2bea7fe962d22ccc" logic_hash = "v1_sha256_dc2fe7caa38f665d24bbc673ff63491ebdeec8d56a420092243ce241238846cf" score = 75 @@ -97658,8 +97658,8 @@ rule ELASTIC_Windows_Vulndriver_Glckio_39C4Abd4 : FILE date = "2022-04-04" modified = "2022-08-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_GlckIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_GlckIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3a5ec83fe670e5e23aef3afa0a7241053f5b6be5e6ca01766d6b5f9177183c25" logic_hash = "v1_sha256_fd43503c9427a386674c06bb790e110ac23c27d8fc4adedbaa8a9b7cb0cbafd4" score = 75 
@@ -97687,8 +97687,8 @@ rule ELASTIC_Windows_Vulndriver_Glckio_68D5Afbb : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_GlckIo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_GlckIo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a" logic_hash = "v1_sha256_0b5f0d408a5c4089ef496c5f8241a34d0468cc3d21e89e41dc105a0df0855d38" score = 75 @@ -97716,8 +97716,8 @@ rule ELASTIC_Windows_Hacktool_Processhacker_3D01069E : FILE date = "2022-03-30" modified = "2022-03-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_ProcessHacker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_ProcessHacker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4" logic_hash = "v1_sha256_bcba74aa20b62329c48060bfebaf49ab12f89f9ec3a09fc0c0cb702de5e2b940" score = 75 
@@ -97745,8 +97745,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_Bad95Bd6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Bruteforce.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Bruteforce.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8e8be482357ebddc6ac3ea9ee60241d011063f7e558a59e6bd119e72e4862024" logic_hash = "v1_sha256_8001e6503baeb52c66c9b30026544913270085406a1fe4c45d14629811d36d5f" score = 75 @@ -97774,8 +97774,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_66A14C03 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Bruteforce.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Bruteforce.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a2d8e2c34ae95243477820583c0b00dfe3f475811d57ffb95a557a227f94cd55" logic_hash = "v1_sha256_c8b2925c2e3f95e78f117ddd52e208d143d19ee75e9283f7f15d10e930eaac5f" score = 75 
@@ -97803,8 +97803,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_Eb83B6Aa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Bruteforce.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Bruteforce.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8dec88576f61f37fbaece3c30e71d338c340c8fb9c231f9d7b1c32510d2c3167" logic_hash = "v1_sha256_bc79860e414d07ee8000eea3d61827272d66faa90a8bf6c65fcda90a4bd762ef" score = 75 @@ -97832,8 +97832,8 @@ rule ELASTIC_Windows_Vulndriver_Dbutil_Ffe07C79 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_DBUtil.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_DBUtil.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "87e38e7aeaaaa96efe1a74f59fca8371de93544b7af22862eb0e574cec49c7c3" logic_hash = "v1_sha256_18b1c93c395b105f446b4c968441e0a43e42b1bd7efcf6501a89eb92cbd21824" score = 75 
@@ -97861,8 +97861,8 @@ rule ELASTIC_Windows_Vulndriver_Dbutil_852Ba283 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_DBUtil.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_DBUtil.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5" logic_hash = "v1_sha256_78acd081c2517f9c53cb311481c0cc40cc3699b222afc290da1a3698e7bf75b7" score = 75 @@ -97890,8 +97890,8 @@ rule ELASTIC_Linux_Ransomware_Clop_728Cf32A : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Clop.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Clop.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "09d6dab9b70a74f61c41eaa485b37de9a40c86b6d2eae7413db11b4e6a8256ef" logic_hash = "v1_sha256_31c2fdfcfc46ad1dd69489536172937b9771d8505f36c7bd8dc796f40a2fe4d2" score = 75 
@@ -97922,8 +97922,8 @@ rule ELASTIC_Linux_Trojan_Setag_351Eeb76 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Setag.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Setag.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_3519d9e4bfa18c19b49d0fa15ef78151bd13db9614406c4569720d20830f3cbb" score = 75 quality = 75 @@ -97950,8 +97950,8 @@ rule ELASTIC_Linux_Trojan_Setag_01E2F79B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Setag.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Setag.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5b5e8486174026491341a750f6367959999bbacd3689215f59a62dbb13a45fcc" logic_hash = "v1_sha256_1e0336760f364acbbe0e8aec10bc7bfb48ed7e33cde56d8914617664cb93fd9b" score = 75 
@@ -97979,8 +97979,8 @@ rule ELASTIC_Multi_Hacktool_Nps_C6Eb4A27 : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Hacktool_Nps.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Hacktool_Nps.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4714e8ad9c625070ca0a151ffc98d87d8e5da7c8ef42037ca5f43baede6cfac1" logic_hash = "v1_sha256_53baf04f4ab8967761c6badb24f6632cc1bf4a448abf0049318b96855f30feea" score = 75 @@ -98013,8 +98013,8 @@ rule ELASTIC_Multi_Hacktool_Nps_F76F257D : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Hacktool_Nps.yar#L27-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Hacktool_Nps.yar#L27-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "80721b20a8667536a33fca50236f5c8e0c0d07aa7805b980e40818ab92cd9f4a" logic_hash = "v1_sha256_0bbd7f86bfd2967dc390510c2e403d05e1b56551b965ea716b9e5330f75c9bd5" score = 75 
@@ -98046,8 +98046,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3490_D369D615 : FILE MEMORY CVE_2021_3490 date = "2021-11-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2021_3490.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2021_3490.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e65ba616942fd1e893e10898d546fe54458debbc42e0d6826aff7a4bb4b2cf19" logic_hash = "v1_sha256_6fa4b36366d2c255f5ccf0e22a06c7e17df74fddd06963787dbcd713b3e8aca6" score = 75 @@ -98086,8 +98086,8 @@ rule ELASTIC_Windows_Trojan_Hotpage_414F235F : FILE MEMORY date = "2024-07-18" modified = "2024-07-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_HotPage.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_HotPage.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b8464126b64c809b4ab47aa91c5f322ce2c0ae4fd668a43de738a5caa7567225" logic_hash = "v1_sha256_cfa0036b22a83a5396b3f9014511720071246a775053ad493791ebc1212400f2" score = 75 
@@ -98121,8 +98121,8 @@ rule ELASTIC_Linux_Trojan_Chinaz_A2140Ca1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Chinaz.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Chinaz.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7c44c2ca77ef7a62446f6266a757817a6c9af5e010a219a43a1905e2bc5725b0" logic_hash = "v1_sha256_c9c63114e45b45b1c243af1f719cddc838a06a1f35d65dca6a2fb5574047eff0" score = 60 @@ -98150,8 +98150,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_B521801B : FILE MEMORY date = "2022-03-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Matanbuchus.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Matanbuchus.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2" logic_hash = "v1_sha256_609a0941b118d737124a5cd9c98c007e21557a239cfa3cf97cd3b4348c934f03" score = 75 
@@ -98182,8 +98182,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_4Ce9Affb : FILE MEMORY date = "2022-03-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Matanbuchus.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Matanbuchus.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2" logic_hash = "v1_sha256_16441eb4617b6b3cb1e7d600959a5cbfe15c72c00361b45551b7ef4c81f78462" score = 75 @@ -98211,8 +98211,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_58A61Aaa : FILE MEMORY date = "2022-03-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Matanbuchus.yar#L44-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Matanbuchus.yar#L44-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2" logic_hash = "v1_sha256_7226e2f61bd6f1cca15c1f3f8d8697cb277d1e214f756295ffda5bc16304cc49" score = 75 
@@ -98240,8 +98240,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_C7811Ccc : FILE MEMORY date = "2022-03-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Matanbuchus.yar#L64-L82" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Matanbuchus.yar#L64-L82" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2" logic_hash = "v1_sha256_e65dc05f6d9289a42c05afdc4da0ce1c18c1129dd87688a277ece925e83d7ef1" score = 75 @@ -98269,8 +98269,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_17Ee6A17 : FILE MEMORY date = "2021-06-12" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_RedLineStealer.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_RedLineStealer.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "497bc53c1c75003fe4ae3199b0ff656c085f21dffa71d00d7a3a33abce1a3382" logic_hash = "v1_sha256_0c868d0673c01e2c115d6822c34c877db77265251167f3a890a448a1de5c6a2d" score = 75 
@@ -98306,8 +98306,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_F54632Eb : FILE MEMORY date = "2021-06-12" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_RedLineStealer.yar#L29-L56" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_RedLineStealer.yar#L29-L56" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25" logic_hash = "v1_sha256_1779919556ee5c9a78342aabafb8408e035cb39632b25c54da6bf195894901dc" score = 75 @@ -98344,8 +98344,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_3D9371Fd : FILE MEMORY date = "2022-02-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_RedLineStealer.yar#L58-L82" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_RedLineStealer.yar#L58-L82" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a" logic_hash = "v1_sha256_1c8a64ce7615f502602ab960638dd55f4deaeea3b49d894274d64d4d0b6a1d10" score = 75 
@@ -98379,8 +98379,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_63E7E006 : FILE MEMORY date = "2023-05-01" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_RedLineStealer.yar#L84-L104" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_RedLineStealer.yar#L84-L104" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e062c99dc9f3fa780ea9c6249fa4ef96bbe17fd1df38dbe11c664a10a92deece" logic_hash = "v1_sha256_2085eaf622b52372124e9b23d19e3e4a7fdb7a4559ad9a09216c1cbae96ca5b6" score = 75 @@ -98410,8 +98410,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_F07B3Cb4 : FILE MEMORY date = "2023-05-03" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_RedLineStealer.yar#L106-L125" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_RedLineStealer.yar#L106-L125" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5e491625475fc25c465fc7f6db98def189c15a133af7d0ac1ecbc8d887c4feb6" logic_hash = "v1_sha256_64536e3b340254554154ac1b33adfb4f3c72a2c6c0d1ef27827621b905d431c5" score = 75 
@@ -98440,8 +98440,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_4Df4Bcb6 : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_RedLineStealer.yar#L127-L145" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_RedLineStealer.yar#L127-L145" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9389475bd26c1d3fd04a083557f2797d0ee89dfdd1f7de67775fcd19e61dfbb3" logic_hash = "v1_sha256_d9027fa9c8d9c938159a734431bb2be67fd7cca1f898c2208f7b909157524da4" score = 75 @@ -98469,8 +98469,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_15Ee6903 : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_RedLineStealer.yar#L147-L166" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_RedLineStealer.yar#L147-L166" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "46b506cafb2460ca2969f69bcb0ee0af63b6d65e6b2a6249ef7faa21bde1a6bd" logic_hash = "v1_sha256_22c8a1f4b5b94261cfabdbcc00e45b9437a0132d4e9d4543b734d4f303336696" score = 75 
@@ -98499,8 +98499,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_6Dfafd7B : FILE MEMORY date = "2024-01-05" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_RedLineStealer.yar#L168-L186" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_RedLineStealer.yar#L168-L186" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "809e303ba26b894f006b8f2d3983ff697aef13b67c36957d98c56aae9afd8852" logic_hash = "v1_sha256_888bc2fdfae8673cd6bce56fc9894b3cab6d7e3c384d854d6bc8aef47fdecf1c" score = 75 @@ -98528,8 +98528,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_983Cd7A7 : FILE MEMORY date = "2024-03-27" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_RedLineStealer.yar#L188-L208" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_RedLineStealer.yar#L188-L208" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7aa20c57b8815dd63c8ae951e1819c75b5d2deec5aae0597feec878272772f35" logic_hash = "v1_sha256_2104bad5ec42bc72ec611607a53086a85359bdb4bf084d7377e9a8e234b0e928" score = 75 
@@ -98559,8 +98559,8 @@ rule ELASTIC_Multi_Trojan_Gosar_31Dba745 : FILE MEMORY date = "2024-11-05" modified = "2024-12-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Trojan_Gosar.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Trojan_Gosar.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4caf4b280e61745ce53f96f48a74dea3b69df299c3b9de78ba4731b83c76c334" logic_hash = "v1_sha256_116fb9c44a992067d50cd95715ffa320c6141f133eb8c9dc91b2db8559a8ee2d" score = 75 @@ -98594,8 +98594,8 @@ rule ELASTIC_Linux_Exploit_Local_47C64Fb6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Local.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Local.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0caa9035027ff88788e6b8e43bfc012a367a12148be809555c025942054a6360" logic_hash = "v1_sha256_7d977edd5fc90c6f03ed5558c690b3dd2102bbff9d7e5124403276405e15201b" score = 75 
@@ -98623,8 +98623,8 @@ rule ELASTIC_Linux_Exploit_Local_76C24B62 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Local.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Local.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "330de2ca1add7e06389d94dfc541c367a484394c51663b26d27d89346b08ad1b" logic_hash = "v1_sha256_ff55d6a316394812cfa1108578aece91050bfb2f7e0f8c0440dcb64156f3e893" score = 75 @@ -98652,8 +98652,8 @@ rule ELASTIC_Linux_Exploit_Local_30C21B03 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Local.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Local.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a09c81f185a4ceed134406fa7fefdfa7d8dfc10d639dd044c94fbb6d570fa029" logic_hash = "v1_sha256_396965c457b2e02d7d524d9d5fb3cc76852895ed9675c7b1205a94f47ba10144" score = 75 
@@ -98681,8 +98681,8 @@ rule ELASTIC_Linux_Exploit_Local_9Ace9649 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Local.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Local.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b38869605521531153cfd8077f05e0d6b52dca0fffbc627a4d5eaa84855a491c" logic_hash = "v1_sha256_d7a60b0cb7fcbd9e802660bda3e0456f7f4ef9db38b6dab131c160efce48909e" score = 75 @@ -98710,8 +98710,8 @@ rule ELASTIC_Linux_Exploit_Local_705C9589 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Local.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Local.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "845727ea46491b46a665d4e1a3a9dbbe6cd0536d070f1c1efd533b91b75cdc88" logic_hash = "v1_sha256_9834d564c2acc688750d5e6c53db7c1201ef85c6fb3d1d0ea2425a5ba905ff18" score = 75 
@@ -98739,8 +98739,8 @@ rule ELASTIC_Linux_Exploit_Local_A677Fb9C : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Local.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Local.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d20b260c7485173264e3e674adc7563ea3891224a3dc98bdd342ebac4a1349e8" logic_hash = "v1_sha256_9b43e651f73d17dbd2143cec4c79929723689ce738924588e38c99a9554e5545" score = 75 @@ -98768,8 +98768,8 @@ rule ELASTIC_Linux_Exploit_Local_78E50162 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Local.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Local.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "706c865257d5e1f5f434ae0f31e11dfc7e16423c4c639cb2763ec0f51bc73300" logic_hash = "v1_sha256_10a5bef486ec0ececfe0a9edfcad7ce053da2a97028cd1648aa27572fedd8ef6" score = 75 
@@ -98797,8 +98797,8 @@ rule ELASTIC_Linux_Exploit_Local_3B767A1F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Local.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Local.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e05fed9e514cccbdb775f295327d8f8838b73ad12f25e7bb0b9d607ff3d0511c" logic_hash = "v1_sha256_0f24a7d4e8ff0899430aa0a702000f35039b07400120b382b675825630f0ea4e" score = 75 @@ -98826,8 +98826,8 @@ rule ELASTIC_Linux_Exploit_Local_2535C9B6 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Local.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Local.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d0f9cc114f6a1f788f36e359e03a9bbf89c075f41aec006229b6ad20ebbfba0b" logic_hash = "v1_sha256_222e929d8352ed02714a59b0e1b9777b0f2d80d63cb369fa9bf33460c84efbb2" score = 75 
@@ -98855,8 +98855,8 @@ rule ELASTIC_Linux_Exploit_Local_6A9B5D50 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Local.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Local.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "80ab71dc9ed2131b08b5b75b5a4a12719d499c6b6ee6819ad5a6626df4a1b862" logic_hash = "v1_sha256_99a18bfb62c195bdea89c688fed4456fee33477878ecdee8a78cd4bf18ad539b" score = 75 @@ -98884,8 +98884,8 @@ rule ELASTIC_Linux_Exploit_Local_66557224 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Local.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Local.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f58151a2f653972e744822cdc420ab1c2b8b642877d3dfa2e8b2b6915e8edf40" logic_hash = "v1_sha256_5583f086d594ebdf5890a8a5fbee5c04fbddfe42adcae07480532d87e474ef0c" score = 75 
@@ -98913,8 +98913,8 @@ rule ELASTIC_Linux_Exploit_Local_6229602F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Local.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Local.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4fdb15663a405f6fc4379aad9a5021040d7063b8bb82403bedb9578d45d428fa" logic_hash = "v1_sha256_c3ab6a36c0c2d430d576f7c0cfdc6d1affcd99d007e2d05596677da9bda5a19e" score = 75 @@ -98942,8 +98942,8 @@ rule ELASTIC_Linux_Trojan_Marut_47Af730D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Marut.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Marut.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_048ce8059be6697c5f507fb1912ac2adcedab87c75583dd84700984e6d0d81e6" score = 75 quality = 75 
@@ -98970,8 +98970,8 @@ rule ELASTIC_Windows_Wiper_Hermeticwiper_7206A969 : FILE MEMORY date = "2022-02-24" modified = "2022-02-24" reference = "https://www.elastic.co/security-labs/elastic-protects-against-data-wiper-malware-targeting-ukraine-hermeticwiper" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Wiper_HermeticWiper.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Wiper_HermeticWiper.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591" logic_hash = "v1_sha256_84c61b8223a6ebf1ccfa4fdccee3c9091abca4553e55ac6c2492cff5503b4774" score = 75 @@ -99004,8 +99004,8 @@ rule ELASTIC_Macos_Exploit_Log4J_75A13888 : FILE MEMORY date = "2021-12-13" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Exploit_Log4j.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Exploit_Log4j.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_b09d8dd9c422e7eb8aa23f8b1204d31fd290252925099300d6d19d73e562ca5e" score = 75 quality = 75 
@@ -99038,8 +99038,8 @@ rule ELASTIC_Macos_Trojan_Sugarloader_E7E1D99C : FILE MEMORY date = "2023-10-24" modified = "2023-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_SugarLoader.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_SugarLoader.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3ea2ead8f3cec030906dcbffe3efd5c5d77d5d375d4a54cca03bfe8a6cb59940" logic_hash = "v1_sha256_0689b704add81e8e7968d9dba5f60d45c8791209330f4ee97e218f8eeb22c88f" score = 75 @@ -99071,8 +99071,8 @@ rule ELASTIC_Linux_Cryptominer_Ursu_3C05F8Ab : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Ursu.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Ursu.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d72361010184f5a48386860918052dbb8726d40e860ea0287994936702577956" logic_hash = "v1_sha256_8261e4ee40131cd7df61914cd7bdf154e8a2b5fa3abd9d301436f9371253f510" score = 75 
@@ -99100,8 +99100,8 @@ rule ELASTIC_Linux_Ransomware_Limpdemon_95C748E0 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_LimpDemon.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_LimpDemon.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a4200e90a821a2f2eb3056872f06cf5b057be154dcc410274955b2aaca831651" logic_hash = "v1_sha256_e66906725c0af657d91771642908ac0b2c72a97c4d4f651dcc907c2c1437f2da" score = 75 @@ -99132,8 +99132,8 @@ rule ELASTIC_Windows_Trojan_Wikiloader_C57F3F88 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_WikiLoader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_WikiLoader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0f71b1805d7feb6830b856c5a5328d3a132af4c37fcd747d82beb0f61c77f6f5" logic_hash = "v1_sha256_408c6d811232dbd0c87f75fd28508366151cf9f2f10f012919588db1919e406b" score = 75 
@@ -99161,8 +99161,8 @@ rule ELASTIC_Windows_Trojan_Wikiloader_99681F1C : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_WikiLoader.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_WikiLoader.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0b02cfe16ac73f2e7dc52eaf3b93279b7d02b3d64d061782dfed0c55ab621a8e" logic_hash = "v1_sha256_fb293d74186e778856780377120ac2ebe9550a508a0b33e706c39f93a5509df8" score = 75 @@ -99190,8 +99190,8 @@ rule ELASTIC_Linux_Trojan_Sckit_A244328F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sckit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sckit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "685da66303a007322d235b7808190c3ea78a828679277e8e03e6d8d511df0a30" logic_hash = "v1_sha256_8001c9fcf9f8b70c3e27554156b0b26ddcd6cab36bf97cf3b89a4c43c9ad883c" score = 75 
@@ -99219,8 +99219,8 @@ rule ELASTIC_Windows_Trojan_Hawkeye_77C36Ace : FILE MEMORY date = "2021-08-16" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Hawkeye.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Hawkeye.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "28e28025060f1bafd4eb96c7477cab73497ca2144b52e664b254c616607d94cd" logic_hash = "v1_sha256_e8c1060efde0c4a073247d03a19dedb1c0acc8506fbf6eac93ac44f00fc73be1" score = 75 @@ -99252,8 +99252,8 @@ rule ELASTIC_Windows_Trojan_Hawkeye_975D546C : FILE MEMORY date = "2023-03-23" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Hawkeye.yar#L25-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Hawkeye.yar#L25-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "aca133bf1d72cf379101e6877871979d6e6e8bc4cc692a5ba815289735014340" logic_hash = "v1_sha256_cbd8ce991059f961236a4bb83ea5a78efa661199b40fca8b09550856e932198b" score = 75 
@@ -99286,8 +99286,8 @@ rule ELASTIC_Windows_Hacktool_Sharpsccm_9Bef8Dab : FILE MEMORY date = "2024-03-25" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpSCCM.yar#L1-L31" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpSCCM.yar#L1-L31" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2e169c4fd16627029445bb0365a2f9ee61ab6b3757b8ad02fd210ce85dc9c97f" logic_hash = "v1_sha256_560c780934a63b3c857a09841c09cbc350205868c696fac958e249e1379cc865" score = 75 @@ -99327,8 +99327,8 @@ rule ELASTIC_Linux_Exploit_Sorso_Ecf99F8F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Sorso.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Sorso.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd" logic_hash = "v1_sha256_c771ff109e548e37134cd76ac668f0d4abafcf262de12b00236ad94fc11a99d1" score = 75 
@@ -99356,8 +99356,8 @@ rule ELASTIC_Linux_Exploit_Sorso_91A4D487 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Sorso.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Sorso.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd" logic_hash = "v1_sha256_bb58c78ae3cc730aa1ef32974f65adabd63972ef181696aeb79954f904f2f405" score = 75 @@ -99385,8 +99385,8 @@ rule ELASTIC_Linux_Exploit_Sorso_61Eae7Dd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Sorso.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Sorso.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd" logic_hash = "v1_sha256_a8bc8a2c8405b80b160ad21898003781405a762c0e627f13b34e9362e0aa51a1" score = 75 
@@ -99414,8 +99414,8 @@ rule ELASTIC_Linux_Trojan_Melofee_C23D18F3 : FILE MEMORY date = "2024-11-14" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Melofee.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Melofee.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b0abf6691e769ead1f11cfdcd300f8cd5291f19059be6bb40d556f793b1bc21e" logic_hash = "v1_sha256_fd769e0eca9ee858a3773a906189c510742364722b3e5c384158b3ec4158fc68" score = 75 @@ -99448,8 +99448,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_D9E6B88E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a4ac275275e7be694a200fe6c5c5746256398c109cf54f45220637fe5d9e26ba" logic_hash = "v1_sha256_979d2ae62efca0f719ed1db2ff832dc9a0aa0347dcd50ccede29ec35cba6d296" score = 75 
@@ -99477,8 +99477,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_30C039E2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b494ca3b7bae2ab9a5197b81e928baae5b8eac77dfdc7fe1223fee8f27024772"
 logic_hash = "v1_sha256_a9dbfede68a3209b403aa40dbc5b69326c3e1c14259ed6bc6351f0f9412cfce2"
 score = 75
@@ -99506,8 +99506,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_C94Eec37 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "294fcdd57fc0a53e2d63b620e85fa65c00942db2163921719d052d341aa2dc30"
 logic_hash = "v1_sha256_39a49e1661ac2ca6a43a56b0bd136976f6d506c0779d862a43ba2c25d6947fee"
 score = 75
@@ -99535,8 +99535,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_F806D5D9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5259495788f730a2a3bad7478c1873c8a6296506a778f18bc68e39ce48b979da"
 logic_hash = "v1_sha256_86336f662e3abcf2fe7635155782c549fc9eef514356bf78bfbc3b65192e2d90"
 score = 75
@@ -99564,8 +99564,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0Fa3A6E9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "40a15a186373a062bfb476b37a73c61e1ba84e5fa57282a7f9ec0481860f372a"
 logic_hash = "v1_sha256_970062e909ffe5356b750605f2c44a6e893949bc5bc71be3ea98b16e51629d4d"
 score = 75
@@ -99593,8 +99593,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_36A98405 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a57de6cd3468f55b4bfded5f1eed610fdb2cbffbb584660ae000c20663d5b304"
 logic_hash = "v1_sha256_a32d324d1865a7796faefbc2f209e6043008a696929fe7837afbbc770e6f4c74"
 score = 75
@@ -99622,8 +99622,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0C6686B8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62"
 logic_hash = "v1_sha256_731bb3f9957e8777040c0b7b316a818f4ee1ca9a113fb9eed24ee61bfc71e11d"
 score = 75
@@ -99651,8 +99651,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_9Ce5B69F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ad63fbd15b7de4da0db1b38609b7481253c100e3028c19831a5d5c1926351829"
 logic_hash = "v1_sha256_b9756eb99e59ba3a9a616b391bcf26bda26a6ac0de115460f9ba52129f590764"
 score = 75
@@ -99680,8 +99680,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_55A80Ab6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5259495788f730a2a3bad7478c1873c8a6296506a778f18bc68e39ce48b979da"
 logic_hash = "v1_sha256_1fc29f98e9ea2a5b67d0a88f37813a5e62b5f1d2a26aee74f90e9ead445dc713"
 score = 75
@@ -99709,8 +99709,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_E98B83Ee : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417"
 logic_hash = "v1_sha256_8b16c0fee991ee2143a20998097066a90b1f20060bac7b42e5c3188adcdc7907"
 score = 75
@@ -99738,8 +99738,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_8A11F9Be : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571"
 logic_hash = "v1_sha256_f80dcb3579a76da787e9bb2bfb02ef86e464aec1bea405f02642b8c8902c7663"
 score = 75
@@ -99767,8 +99767,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_2462067E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L221-L239"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L221-L239"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3847f1c7c15ce771613079419de3d5e8adc07208e1fefa23f7dd416b532853a1"
 logic_hash = "v1_sha256_cf6c0703f9108f8193e0a9c18ba3d76263527a13fe44e194fa464d399512ae05"
 score = 75
@@ -99796,8 +99796,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0A028640 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L241-L259"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L241-L259"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e36081f0dbd6d523c9378cdd312e117642b0359b545b29a61d8f9027d8c0f2f0"
 logic_hash = "v1_sha256_663f110c7214498466759b66a83ff1844f5bf45ce706fa8ad0e8b205cc9c8f72"
 score = 75
@@ -99825,8 +99825,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_6B3974B2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L281-L299"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L281-L299"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2216776ba5c6495d86a13f6a3ce61b655b72a328ca05b3678d1abb7a20829d04"
 logic_hash = "v1_sha256_7c44a0abcd51a6b775fc379b592652ebb10faf16c039ca23b20984183340cada"
 score = 75
@@ -99854,8 +99854,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_87Bcb848 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L301-L319"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L301-L319"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "575b0dc887d132aa3983e5712b8f642b03762b0685fbd5a32c104bca72871857"
 logic_hash = "v1_sha256_60e8aa7e27ea0bec665075a373ce150c21af4cddfd511b7ec771293126f0006c"
 score = 75
@@ -99883,8 +99883,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_Ad60D7E8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L321-L338"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L321-L338"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_1253a8cd1a5230f1ec1f8c7ecd07f89f28acf5c2aa92395c6cb9e635c16a1e25"
 score = 75
 quality = 73
@@ -99911,8 +99911,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_22646C0D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L340-L358"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L340-L358"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "20439a8fc21a94c194888725fbbb7a7fbeef5faf4b0f704559d89f1cd2e57d9d"
 logic_hash = "v1_sha256_548f531429132392f6d9bccff706b56ba87d8e44763116dedca5d0baa5097b92"
 score = 75
@@ -99940,8 +99940,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_019F0E75 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L360-L378"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L360-L378"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "575b0dc887d132aa3983e5712b8f642b03762b0685fbd5a32c104bca72871857"
 logic_hash = "v1_sha256_7a63eb94266b04a31ba67165c512e2e060c3e344665aeed748a51943143b2219"
 score = 75
@@ -99969,8 +99969,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_7C545Abf : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L380-L398"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L380-L398"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "95691c7ad1d80f7f1b5541e1d1a1dbeba30a26702a4080d256f14edb75851c5d"
 logic_hash = "v1_sha256_fa50ccc4c85417d18a84b7f117f853609c44b17c488a937cdc7495e2d32757f7"
 score = 75
@@ -99998,8 +99998,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_32C0B950 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L400-L418"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L400-L418"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "214c1caf20ceae579476d3bf97f489484df4c5f1c0c44d37ff9b9066072cd83c"
 logic_hash = "v1_sha256_db077e5916327ca78fcc9dc35f64e5c497dbbe60c4a0c1eb7abb49c555765681"
 score = 75
@@ -100027,8 +100027,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_Cbf50D9C : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L420-L438"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L420-L438"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b64d0cf4fc4149aa4f63900e61b6739e154d328ea1eb31f4c231016679fc4aa5"
 logic_hash = "v1_sha256_331a35fb3ecc54022b1d4d05bd64e7c5c6a7997b06dbea3a36c33ccc0a2f7086"
 score = 75
@@ -100056,8 +100056,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_40C25A06 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L440-L458"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L440-L458"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "61af6bb7be25465e7d469953763be5671f33c197d4b005e4a78227da11ae91e9"
 logic_hash = "v1_sha256_38976911ff9e56fae27fad8b9df01063ed703f43c8220b1fbcef7a3945b3f1ad"
 score = 75
@@ -100085,8 +100085,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_35806Adc : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L460-L478"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L460-L478"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "15e7942ebf88a51346d3a5975bb1c2d87996799e6255db9e92aed798d279b36b"
 logic_hash = "v1_sha256_6e9d3e5c0a33208d1b5f4f84f8634955e70bd63395b367cd1ece67798ce5e502"
 score = 75
@@ -100114,8 +100114,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_D74D7F0C : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L480-L498"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L480-L498"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b0a8b2259c00d563aa387d7e1a1f1527405da19bf4741053f5822071699795e2"
 logic_hash = "v1_sha256_6f5313fc9e838bd06bd4e797ea7fb448073849dc714ecf18809f94900fa11ca2"
 score = 75
@@ -100143,8 +100143,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_71D31510 : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L500-L518"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L500-L518"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "33dd6c0af99455a0ca3908c0117e16a513b39fabbf9c52ba24c7b09226ad8626"
 logic_hash = "v1_sha256_18bfe9347faf1811686a61e0ee0de5cef842beb25fb06793947309135c41de89"
 score = 75
@@ -100172,8 +100172,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_97288Af8 : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Tsunami.yar#L520-L538"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Tsunami.yar#L520-L538"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c39eb055c5f71ebfd6881ff04e876f49495c0be5560687586fc47bf5faee0c84"
 logic_hash = "v1_sha256_c5b521cc887236a189dca419476758cee0f1513a8ad81c94b1ff42e4fe232b8e"
 score = 75
@@ -100201,8 +100201,8 @@ rule ELASTIC_Windows_Trojan_Dragonbreath_B27Bc56B : FILE MEMORY
 date = "2024-06-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DragonBreath.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DragonBreath.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "45023fd0e694d66c284dfe17f78c624fd7e246a6c36860a0d892d232a30949be"
 logic_hash = "v1_sha256_b86d5541a7e03a698ad918cdbba987474c6680353b4d2de2f8422ecd0ebcac61"
 score = 75
@@ -100232,8 +100232,8 @@ rule ELASTIC_Multi_Hacktool_Supershell_F7486598 : FILE MEMORY
 date = "2024-09-12"
 modified = "2024-09-30"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Hacktool_SuperShell.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Hacktool_SuperShell.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "18556a794f5d47f93d375e257fa94b9fb1088f3021cf79cc955eb4c1813a95da"
 logic_hash = "v1_sha256_8c2c3f13fad03ece29f7f3fd12e22807b61ecdc16dee00b6430b915631554cff"
 score = 75
@@ -100264,8 +100264,8 @@ rule ELASTIC_Windows_Trojan_Naplistener_E8F16920 : FILE MEMORY
 date = "2023-02-28"
 modified = "2023-03-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_NapListener.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_NapListener.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6e8c5bb2dfc90bca380c6f42af7458c8b8af40b7be95fab91e7c67b0dee664c4"
 logic_hash = "v1_sha256_6cb7b5051fab2b56f39b2805788b5b0838a095b41fcc623fe412b215736be5d4"
 score = 75
@@ -100295,8 +100295,8 @@ rule ELASTIC_Windows_Trojan_Naplistener_414180A7 : FILE MEMORY
 date = "2023-02-28"
 modified = "2023-03-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_NapListener.yar#L23-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_NapListener.yar#L23-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6e8c5bb2dfc90bca380c6f42af7458c8b8af40b7be95fab91e7c67b0dee664c4"
 logic_hash = "v1_sha256_52d3ddebdc1a8aa4bcb902273bd2d3b4f9b51f248d25e7ae1cc260a9550111f5"
 score = 75
@@ -100329,8 +100329,8 @@ rule ELASTIC_Windows_Trojan_Protects_9F6Eaa90 : FILE
 date = "2022-04-04"
 modified = "2022-06-09"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_ProtectS.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_ProtectS.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c0330e072b7003f55a3153ac3e0859369b9c3e22779b113284e95ce1e2ce2099"
 logic_hash = "v1_sha256_ddc8c97598b2d961dc51bdf2c7ab96abcec63824acd39b767bc175371844c1e5"
 score = 75
@@ -100358,8 +100358,8 @@ rule ELASTIC_Linux_Trojan_Sqlexp_1Aa5001E : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sqlexp.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sqlexp.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "714a520fc69c54bcd422e75f4c3b71ce636cfae7fcec3c5c413d1294747d2dd6"
 logic_hash = "v1_sha256_48c7331c80aa7d918f46d282c6f38b8e780f9b5222cf9304bf1a8bb39cc129ab"
 score = 75
@@ -100387,8 +100387,8 @@ rule ELASTIC_Linux_Ransomware_Akira_02237952 : FILE MEMORY
 date = "2023-07-28"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Akira.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Akira.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1d3b5c650533d13c81e325972a912e3ff8776e36e18bca966dae50735f8ab296"
 logic_hash = "v1_sha256_a9b3cdddb3387251d7da90f32b08b9c1eedcdff1fe90d51f4732183666a6d467"
 score = 75
@@ -100419,8 +100419,8 @@ rule ELASTIC_Linux_Ransomware_Akira_27440619 : FILE MEMORY
 date = "2024-11-21"
 modified = "2024-11-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Akira.yar#L24-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Akira.yar#L24-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3298d203c2acb68c474e5fdad8379181890b4403d6491c523c13730129be3f75"
 logic_hash = "v1_sha256_d2bb413b5919b3ed6239fbc714d025d2ddc321cb8a0b310aaae48b0869810be8"
 score = 75
@@ -100448,8 +100448,8 @@ rule ELASTIC_Linux_Hacktool_Wipelog_Daea1Aa4 : FILE MEMORY
 date = "2022-03-17"
 modified = "2022-07-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Wipelog.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Wipelog.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "39b3a95928326012c3b2f64e2663663adde4b028d940c7e804ac4d3953677ea6"
 logic_hash = "v1_sha256_e2483b7719f4a1e28ec3732120770066333d8db269c9c9711813a8eeb75176d6"
 score = 75
@@ -100487,8 +100487,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_Cfa94001 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Vmsplice.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Vmsplice.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0a26e67692605253819c489cd4793a57e86089d50150124394c30a8801bf33e6"
 logic_hash = "v1_sha256_b5a86a79384997f977d353371ccaa8c736f5c24af40b85a24076d4c4fb79a237"
 score = 75
@@ -100516,8 +100516,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_A000F267 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Vmsplice.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Vmsplice.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c85cc6768a28fb7de16f1cad8d3c69d8f0b4aa01e00c8e48759d27092747ca6f"
 logic_hash = "v1_sha256_2a8cb11bb21f2ce620a6fa1f0fb932bef60a479fac836058ec4e8c760b5d60f9"
 score = 75
@@ -100545,8 +100545,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_8B9E4F9F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Vmsplice.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Vmsplice.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0230c81ba747e588cd9b6113df6e1867dcabf9d8ada0c1921d1bffa9c1b9c75d"
 logic_hash = "v1_sha256_6979a900a2532a8da36711f3ffe13f71ec4efa7771aa2feec9391bd031aaa023"
 score = 75
@@ -100574,8 +100574,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_055F88B8 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Vmsplice.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Vmsplice.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "607c8c5edc8cbbd79a40ce4a0eccf46e01447985d9415d1eff6a91bf64074507"
 logic_hash = "v1_sha256_29e59bb372f0b37b507c72e5b5bcb27ba0fa2aaac71ea77f0cab85af31708c8a"
 score = 75
@@ -100603,8 +100603,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_431E689D : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "1cbb09223f16af4cd13545d72dbeeb996900535b1e279e4bcf447670728de1e1"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Vmsplice.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Vmsplice.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_5b9a7ffcd6fc6893a8224fd2b9ca59f4cff6086669a73190114db510a1ad9ff2"
 score = 75
 quality = 75
@@ -100631,8 +100631,8 @@ rule ELASTIC_Multi_Trojan_Sparkrat_9A21E541 : FILE MEMORY
 date = "2023-11-13"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Trojan_SparkRat.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Trojan_SparkRat.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "23efecc03506a9428175546a4b7d40c8a943c252110e83dec132c6a5db8c4dd6"
 logic_hash = "v1_sha256_903c5c65436bea8dd044fd5f1f6dda3d1e90ab25802d508f67ba0f7fd06e92d4"
 score = 75
@@ -100662,8 +100662,8 @@ rule ELASTIC_Linux_Trojan_Rbot_C69475E3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9d97c69b65d2900c39ca012fe0486e6a6abceebb890cbb6d2e091bb90f6b9690"
 logic_hash = "v1_sha256_2a8629ebf6e2082ce90f1b2130ae596e4e515f3289a25899f2fc57b99c01a654"
 score = 75
@@ -100691,8 +100691,8 @@ rule ELASTIC_Linux_Trojan_Rbot_96625C8C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rbot.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rbot.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a052cfad3034d851c6fad62cc8f9c65bceedc73f3e6a37c9befe52720fd0890e"
 logic_hash = "v1_sha256_5a9671e10e7b9b58ecf9fab231de18b4b6039c9d351b145fae1705297acda95e"
 score = 75
@@ -100720,8 +100720,8 @@ rule ELASTIC_Linux_Trojan_Rbot_366F1599 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rbot.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rbot.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5553d154a0e02e7f97415299eeae78e5bb0ecfbf5454e3933d6fd9675d78b3eb"
 logic_hash = "v1_sha256_3efe0f35efd855b415149513e8abb2210a26ef6f3b6c31275c8147fabb634fab"
 score = 75
@@ -100749,8 +100749,8 @@ rule ELASTIC_Linux_Exploit_Ramen_01B205Eb : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Ramen.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Ramen.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c0b6303300f38013840abe17abe192db6a99ace78c83bc7ef705f5c568bc98fd"
 logic_hash = "v1_sha256_e477e93434db9e650f159995f2cb754394f3187dc341d2ea4c2466924e19a8a6"
 score = 75
@@ -100778,8 +100778,8 @@ rule ELASTIC_Linux_Rootkit_Adore_Fe3Fd09F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Adore.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Adore.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f4e532b840e279daf3d206e9214a1b065f97deb7c1487a34ac5cbd7cbbf33e1a"
 logic_hash = "v1_sha256_cc07efb9484562cd870649a38126f08aa4e99ed5ad4662ece0488d9ffd97520e"
 score = 75
@@ -100807,8 +100807,8 @@ rule ELASTIC_Windows_Hacktool_Leigod_89397Ebf : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_LeiGod.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_LeiGod.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ae5cc99f3c61c86c7624b064fd188262e0160645c1676d231516bf4e716a22d3"
 logic_hash = "v1_sha256_e887c34c624a182a3c57a55abe02784c4350d3956bcfd9f7918f08a464819e63"
 score = 75
@@ -100836,8 +100836,8 @@ rule ELASTIC_Windows_Hacktool_Leigod_3F5C98C4 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_LeiGod.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_LeiGod.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0c42fe45ffa9a9c36c87a7f01510a077da6340ffd86bf8509f02c6939da133c5"
 logic_hash = "v1_sha256_7570bf1a69df6b493bde41c1de27969e36a3fcb59be574ee2e24e3a61347a146"
 score = 75
@@ -100865,8 +100865,8 @@ rule ELASTIC_Windows_Trojan_Buerloader_C8A60F46 : FILE MEMORY
 date = "2021-08-16"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Buerloader.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Buerloader.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3abed86f46c8be754239f8c878f035efaae91c33b8eb8818c5bbed98c4d9a3ac"
 logic_hash = "v1_sha256_d11b117efc10547e77ce8979f8a1d42f34937101e58a0e36228baa37cd30d2aa"
 score = 75
@@ -100899,8 +100899,8 @@ rule ELASTIC_Linux_Trojan_Backconnect_C6803B39 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Backconnect.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Backconnect.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a5e6b084cdabe9a4557b5ff8b2313db6c3bb4ba424d107474024030115eeaa0f"
 logic_hash = "v1_sha256_02750b2788c2912bba0fc8594f6a12c75ce1f41d1075acf7c920f6e616ab65c7"
 score = 75
@@ -100928,8 +100928,8 @@ rule ELASTIC_Windows_Exploit_Ioring_1E4A8F47 : FILE MEMORY
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Exploit_IoRing.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Exploit_IoRing.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ba2bd270bf3f312dfa3f77f0716edb634c90506c87f82c04aee09445d18738eb"
 logic_hash = "v1_sha256_cbbea9a60bde13356ce88cd96aacaa02a3c99f4ae0b48c4ba84b72528a3d6b91"
 score = 75
@@ -100960,8 +100960,8 @@ rule ELASTIC_Macos_Cryptominer_Xmrig_241780A1 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Cryptominer_Xmrig.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Cryptominer_Xmrig.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f"
 logic_hash = "v1_sha256_9e091f6881a96abdc6592db385eb9026806befdda6bda4489470b4e16e1d4d87"
 score = 75
@@ -100992,8 +100992,8 @@ rule ELASTIC_Windows_Trojan_Fabookie_024F8759 : FILE MEMORY
 date = "2023-06-22"
 modified = "2023-07-10"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Fabookie.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Fabookie.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6c6345c6f0a5beadc4616170c87ec8a577de185d53345581e1b00e72af24c13e"
 logic_hash = "v1_sha256_9477406b718c6489161cf4636be66c4f72df923b9c5a7ee4069ef6a9552de485"
 score = 75
@@ -101022,8 +101022,8 @@ rule ELASTIC_Windows_Trojan_Legionloader_F91120C6 : FILE MEMORY
 date = "2024-06-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_LegionLoader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_LegionLoader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "45670ffa9b24542ae84e3c9eb5ce609c2bcd29129215a7f37eb74b6211e32b22"
 logic_hash = "v1_sha256_760402587a9ca3d3e6602fe57d3346ea6f60ba5c8d3a902bf493233baab597b0"
 score = 75
@@ -101051,8 +101051,8 @@ rule ELASTIC_Macos_Hacktool_Swiftbelt_Bc62Ede6 : FILE MEMORY
 date = "2021-10-12"
 modified = "2021-10-25"
 reference = "https://www.elastic.co/security-labs/inital-research-of-jokerspy"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Hacktool_Swiftbelt.yar#L1-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Hacktool_Swiftbelt.yar#L1-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "452c832a17436f61ad5f32ee1c97db05575160105ed1dcd0d3c6db9fb5a9aea1"
 logic_hash = "v1_sha256_51481baa6ddb09cf8463d989637319cb26b23fef625cc1a44c96d438c77362ca"
 score = 75
@@ -101104,8 +101104,8 @@ rule ELASTIC_Linux_Backdoor_Generic_Babf9101 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Backdoor_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Backdoor_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9ea73d2c2a5f480ae343846e2b6dd791937577cb2b3d8358f5b6ede8f3696b86"
 logic_hash = "v1_sha256_40084f3bed66c1d4a1cd2ffca99fd6789c8ed2db04031e4d4a4926b41d622355"
 score = 75
@@ -101133,8 +101133,8 @@ rule ELASTIC_Linux_Backdoor_Generic_5776Ae49 : FILE MEMORY
 date = "2021-04-06"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Backdoor_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Backdoor_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e247a5decb5184fd5dee0d209018e402c053f4a950dae23be59b71c082eb910c"
 logic_hash = "v1_sha256_b606f12c47182d80e07f8715639c3cc73753274bd8833cb9f6380879356a2b12"
 score = 75
@@ -101162,8 +101162,8 @@ rule ELASTIC_Windows_Exploit_Eternalblue_Ead33Bf8 : FILE
 date = "2021-01-12"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Exploit_Eternalblue.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Exploit_Eternalblue.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a1340e418c80be58fb6bbb48d4e363de8c6d62ea59730817d5eda6ba17b2c7a7"
 logic_hash = "v1_sha256_4d0ab8bd7ef5b20e656110ac3c78b08803539387cb4fe1425a284d39c42aa199"
 score = 75
@@ -101191,8 +101191,8 @@ rule ELASTIC_Macos_Trojan_Aobokeylogger_Bd960F34 : FILE MEMORY
 date = "2021-10-18"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Aobokeylogger.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Aobokeylogger.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2b50146c20621741642d039f1e3218ff68e5dbfde8bb9edaa0a560ca890f0970"
 logic_hash = "v1_sha256_f89fbf1d6bf041de0ce32f7920818c34ce0eeb6779bb7fac6f223bbea1c6f6fa"
 score = 75
@@ -101220,8 +101220,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_83F05Fbe : BETA FILE MEMORY
 date = "2020-06-18"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Sodinokibi.yar#L1-L34"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Sodinokibi.yar#L1-L34"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_c88fc2690deae3700e605b2affb5ecac3d1ffc92435f33209f31897d28715b8c"
 score = 75
 quality = 73
@@ -101262,8 +101262,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_182B2Cea : BETA FILE MEMORY
 date = "2020-06-18"
 modified = "2021-10-04"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Sodinokibi.yar#L36-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Sodinokibi.yar#L36-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_1c23effe5f8b35c5e03ebd5e57664c8937259d464f92dda0a9df344b982e8f8c"
 score = 75
 quality = 75
@@ -101297,8 +101297,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_A282Ba44 : BETA FILE MEMORY
 date = "2020-06-18"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Sodinokibi.yar#L64-L91"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Sodinokibi.yar#L64-L91"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_3a583069c9ab851a90f3a61c9c4fa67f8b918b8d168fcf7f25b2a3ae3465c596"
 score = 75
 quality = 75
@@ -101333,8 +101333,8 @@ rule ELASTIC_Windows_Cryptominer_Generic_Dd1E4D1A : FILE
 date = "2021-01-12"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Cryptominer_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Cryptominer_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "7ac1d7b6107307fb2442522604c8fa56010d931392d606ac74dcea6b7125954b"
 logic_hash = "v1_sha256_b7289c4688ec67d59e67755461f1f4e0c3f47ef9f8c73fc1dcc1d168baf11623"
 score = 75
@@ -101362,8 +101362,8 @@ rule ELASTIC_Windows_Cryptominer_Generic_F53Cfb9B : FILE MEMORY
 date = "2024-03-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Cryptominer_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Cryptominer_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a9870a03ddc6543a5a12d50f95934ff49f26b60921096b2c8f2193cb411ed408"
 logic_hash = "v1_sha256_b2453862747e251afc34c57e887889b8d3a65a9cc876d4a95ff5ecfcc24e4bd3"
 score = 75
@@ -101391,8 +101391,8 @@ rule ELASTIC_Windows_Hacktool_EDRWFP_F6D7Db7A : FILE
 date = "2024-06-10"
 modified = "2024-07-02"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_EDRWFP.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_EDRWFP.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a1fc2f3ded852f75e36e70ae39087e21ae5b6af10e2038d04e61bd500ba511e2"
 logic_hash = "v1_sha256_45d427e4f52346b4a18c154bb0afb636c18951fd9c7323846bf2eb7e47928ef6"
 score = 75
@@ -101423,8 +101423,8 @@ rule ELASTIC_Macos_Trojan_Getshell_F339D74C : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Getshell.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Getshell.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b2199c15500728a522c04320aee000938f7eb69d751a55d7e51a2806d8cd0fe7"
 logic_hash = "v1_sha256_77a409f1a0ab5f87a77a6b2ffa2d4ff7bd6d86c0f685c524e2083585bb3fb764"
 score = 75
@@ -101452,8 +101452,8 @@ rule ELASTIC_Windows_Trojan_Carberp_D6De82Ae : FILE MEMORY
 date = "2021-02-07"
 modified = "2021-08-23"
 reference = "https://github.com/m0n0ph1/malware-1/blob/master/Carberp%20Botnet/source%20-%20absource/pro/all%20source/hvnc_dll/HVNC%20Lib/vnc/xvnc.h#L342"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Carberp.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Carberp.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f98fadb6feab71930bd5c08e85153898d686cc96c84fe349c00bf6d482de9b53"
 logic_hash = "v1_sha256_085020755c77b299b2bfd18b34af6c68450c29de67b8ae32ddf2b26299b923ae"
 score = 75
@@ -101483,8 +101483,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_03C81Bd9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3fc701a2caab0297112501f55eaeb05264c5e4099c411dcadc7095627e19837a"
 logic_hash = "v1_sha256_dc2dfa128f509221cae8bae9864190e8316bb7a5ae081da1076081b5f4fdc870"
 score = 75
@@ -101512,8 +101512,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_757637D9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0762fa4e0d74e3c21b2afc8e4c28e2292d1c3de3683c46b5b77f0f9fe1faeec7"
 logic_hash = "v1_sha256_b1f1784aae5958740d03ca50d0b9731e8db7d86d918d16e82cf6fc1e1bf663a9"
 score = 75
@@ -101541,8 +101541,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_78543893 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ff5b02d2b4dfa9c3d53e7218533f3c57e82315be8f62aa17e26eda55a3b53479"
 logic_hash = "v1_sha256_4bb6a6e063fd00569b04f4514ec1731357aa8e8ce4cfee354fdd86773a4358da"
 score = 75
@@ -101570,8 +101570,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_4F8D83D2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d78128eca706557eeab8a454cf875362a097459347ddc32118f71bd6c73d5bbd"
 logic_hash = "v1_sha256_6fee488d97fe1d4be558b6886c603010c6d1423a750783b38a65d2fb3eeb76f4"
 score = 75
@@ -101599,8 +101599,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_F4Afd230 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "805e900ffc9edb9f550dcbc938a3b06d28e9e7d3fb604ff68a311a0accbcd2b1"
 logic_hash = "v1_sha256_9aba4ebbf946f07071bfb94fa50c6981ae8c659aca9ee6e05c7ef214432d7466"
 score = 75
@@ -101628,8 +101628,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Bb384Bc9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ecc6635117b99419255af5d292a7af3887b06d5f3b0f59d158281eebfe606445"
 logic_hash = "v1_sha256_1e9faba4f245d8b0d6944430286a5fc3e11cd7e036a4151b29fc2c5f037894fb"
 score = 75
@@ -101657,8 +101657,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_B293F6Ec : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214" logic_hash = "v1_sha256_0e310082714f5283f9b4ccde5a8e17994e3bc4acf3d744b22734c136dde7cebb" score = 75 @@ -101686,8 +101686,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_C5983669 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d08be92a484991afae3567256b6cec60a53400e0e9b6f6b4d5c416a22ccca1cf" logic_hash = "v1_sha256_ff673070969f1ededf8ff2c7cadfc251c7d2e52da58906b15cfc04593a755d55" score = 75 
@@ -101715,8 +101715,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Fbff22Da : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0762fa4e0d74e3c21b2afc8e4c28e2292d1c3de3683c46b5b77f0f9fe1faeec7" logic_hash = "v1_sha256_d3e3037593f5714dfb49c6e19631fd46331e2702c8bf6d6099bb5b34158321a9" score = 75 @@ -101744,8 +101744,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_E2D5Fad8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7e54e57db3de32555c15e529c04b35f52d75af630e45b5f8d6c21149866b6929" logic_hash = "v1_sha256_b294ce1c4d928d73342bb6260456d850f9c59f3c48c7c4ffbce32ea9238f6eee" score = 75 
@@ -101773,8 +101773,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_F2F8Eb6B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "01721b9c024ca943f42c402a57f45bd4c77203a604c5c2cd26e5670df76a95b2" logic_hash = "v1_sha256_b6555e69b663591550976fd44352ecbdf0a0aef1e07a64396a576125a4fe4ba6" score = 75 @@ -101802,8 +101802,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_89671B03 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "001098473574cfac1edaca9f1180ab2005569e094be63186c45b48c18f880cf8" logic_hash = "v1_sha256_dfa7027c4fa0cbde33df87063fea4ecf51a085f3cc1805123c62747882d0a07e" score = 75 
@@ -101831,8 +101831,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Dbc73Db0 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9fe78e4dd7975856a74d8dfd83e69793a769143e0fe6994cbc3ef28ea37d6cf8" logic_hash = "v1_sha256_4a7453342fd72dacb781919d3fac3bab02e7ef7c882d5938a2e0e1274c704705" score = 75 @@ -101860,8 +101860,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Ec339160 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0002b469972f5c77a29e2a2719186059a3e96a6f4b1ef2d18a68fee3205ea0ba" logic_hash = "v1_sha256_9c1d1254093b172798024c42a6d78f5e6720d20b8c2a8ad4ca26c8e88e42f0e8" score = 75 
@@ -101889,8 +101889,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_7Cd57E18 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Lotoor.yar#L301-L319" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Lotoor.yar#L301-L319" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1eecf16dae302ae788d1bc81278139cd9f6af52d7bed48b8677b35ba5eb14e30" logic_hash = "v1_sha256_97604cdc9daa9993b9a18dc5df7ab105a5e6001129bcfcfeeb86640bee26f59d" score = 75 @@ -101918,8 +101918,8 @@ rule ELASTIC_Windows_Trojan_Danabot_6F3Dadb2 : FILE MEMORY date = "2021-08-15" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Danabot.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Danabot.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "716e5a3d29ff525aed30c18061daff4b496f3f828ba2ac763efd857062a42e96" logic_hash = "v1_sha256_b9c895be9eab775726abd2c13256d598c5b79bceb2d652c30b1df4cfc37e4b93" score = 75 
@@ -101954,8 +101954,8 @@ rule ELASTIC_Linux_Rootkit_Kovid_B77Dc7F4 : FILE MEMORY date = "2024-11-13" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Kovid.yar#L1-L47" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Kovid.yar#L1-L47" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "933273ff95a57dfe0162175dc6143395e23c69e36d8ca366481b795deaab4fd0" logic_hash = "v1_sha256_090c92e108f78a6d7ba9d0ed796c32226f253b81cf0ad8a138736d073761856c" score = 75 @@ -102011,8 +102011,8 @@ rule ELASTIC_Windows_Ransomware_Generic_99F5A632 : FILE MEMORY date = "2022-02-24" modified = "2022-02-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Generic.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Generic.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382" logic_hash = "v1_sha256_2284cfc91d17816f1733e8fe319af52bc66af467364d27f84e213082c216ae8b" score = 75 
@@ -102043,8 +102043,8 @@ rule ELASTIC_Windows_Vulndriver_Sandra_5D112Feb : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Sandra.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Sandra.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3a364a7a3f6c0f2f925a060e84fb18b16c118125165b5ea6c94363221dc1b6de" logic_hash = "v1_sha256_d234a1e74234400f51c2aa7a9fb1549be1bc422bdf585db7d2ec9ad1ec75e490" score = 75 @@ -102074,8 +102074,8 @@ rule ELASTIC_Windows_Vulndriver_Sandra_612A7A16 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Sandra.yar#L23-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Sandra.yar#L23-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_8fda0e1775d903b73836d4103f6e8b0e2f052026b3acdb07bd345b9ddb3c873a" score = 75 quality = 75 
@@ -102104,8 +102104,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_D3Ac2B2F : FILE MEMORY date = "2021-03-22" modified = "2022-06-20" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_AgentTesla.yar#L1-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_AgentTesla.yar#L1-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4" logic_hash = "v1_sha256_9c13a99107593d476de1522ced10aa43d34535b844e8c3ae871b22358137c926" score = 75 @@ -102171,8 +102171,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_E577E17E : FILE MEMORY date = "2022-03-11" modified = "2022-04-12" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_AgentTesla.yar#L60-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_AgentTesla.yar#L60-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ed43ddb536e6c3f8513213cd6eb2e890b73e26d5543c0ba1deb2690b5c0385b6" logic_hash = "v1_sha256_84c5f1096735cee0f0f4ad41a81286c0a60dc17c276f23568b855271d996c8a2" score = 75 
@@ -102200,8 +102200,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_F2A90D14 : FILE MEMORY date = "2022-03-11" modified = "2022-04-12" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_AgentTesla.yar#L81-L100" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_AgentTesla.yar#L81-L100" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ed43ddb536e6c3f8513213cd6eb2e890b73e26d5543c0ba1deb2690b5c0385b6" logic_hash = "v1_sha256_3f39b773f2b1524b05d3c1d9aa1fb54594ec9003d2e9da342b6d17ba885f5a03" score = 75 @@ -102229,8 +102229,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_A2D69E48 : FILE MEMORY date = "2023-05-01" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_AgentTesla.yar#L102-L122" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_AgentTesla.yar#L102-L122" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "edef51e59d10993155104d90fcd80175daa5ade63fec260e3272f17b237a6f44" logic_hash = "v1_sha256_1f90be86b7afa7f518a3dcec55028bfc915cf6d4fed1350a56e351946cc55f41" score = 75 
@@ -102259,8 +102259,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_Ebf431A8 : FILE MEMORY date = "2023-12-01" modified = "2024-01-12" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_AgentTesla.yar#L124-L148" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_AgentTesla.yar#L124-L148" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0cb3051a80a0515ce715b71fdf64abebfb8c71b9814903cb9abcf16c0403f62b" logic_hash = "v1_sha256_b02d6e2d68b336aaa37336e0c0c3ffa6c7a126bfcdb6cb6ad5a3432004c6030c" score = 75 @@ -102293,8 +102293,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_Aa5Eefed : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Dharma.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Dharma.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_bbafc2eac17562f315b09fa42eb601d0140152917d7962429df3a378abe67732" score = 75 quality = 75 
@@ -102323,8 +102323,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_B31Cac3F : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Dharma.yar#L23-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Dharma.yar#L23-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_30500e35721e9db3d63cafa5ca10818557fa9f4e0bda9c0d02283183508cf7b5" score = 75 quality = 75 @@ -102354,8 +102354,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_E9319E4A : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Dharma.yar#L46-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Dharma.yar#L46-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_182ed508d645a0b1fab80fb6f975a05d33b64c43005bd3656df6470934cd71f4" score = 75 quality = 75 
@@ -102383,8 +102383,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_942142E3 : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Dharma.yar#L67-L86" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Dharma.yar#L67-L86" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_af5068ef3442964e4d1c5e27090fb84eaf762ff23463b7a0c2902e523ae601c1" score = 75 quality = 75 @@ -102412,8 +102412,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_0C81A317 : FILE MEMORY CVE_2017_16995 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "48d927b4b18a03dfbce54bb5f4518869773737e449301ba2477eb797afbb9972" logic_hash = "v1_sha256_cdd6b309a1e802f1251d726b0ea74e3d11fdd10d1d0bfa4c6f3d802f819368ec" score = 75 
@@ -102441,8 +102441,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_82816Caa : FILE MEMORY CVE_2017_16995 date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "14e6b788db0db57067d9885ab5ff3d3a5749639549d82abd98fa4fcf27000f34" logic_hash = "v1_sha256_3ae00290073d41ff5dba2f677510bf9a9c0ebaed221901eb8b1a8dda08157a46" score = 75 @@ -102470,8 +102470,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_5Edb0181 : FILE MEMORY CVE_2017_16995 date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e4df84e1dffbad217d07222314a7e13fd74771a9111d07adc467a89d8ba81127" logic_hash = "v1_sha256_f6eb19329db765938b48021039baaf1b5aeb3240c405ba20ed81863a0fb4b583" score = 75 
@@ -102499,8 +102499,8 @@ rule ELASTIC_Macos_Backdoor_Kagent_64Ca1865 : FILE MEMORY date = "2021-11-11" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Backdoor_Kagent.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Backdoor_Kagent.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d599d7814adbab0f1442f5a10074e00f3a776ce183ea924abcd6154f0d068bb4" logic_hash = "v1_sha256_dea0a1bbe8c3065b395de50b5ffc2fbdf479ed35ce284fa33298d6ed55e960c6" score = 75 @@ -102534,8 +102534,8 @@ rule ELASTIC_Windows_Wiper_Isaacwiper_239Cd2Dc : FILE MEMORY date = "2022-03-04" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Wiper_IsaacWiper.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Wiper_IsaacWiper.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033" logic_hash = "v1_sha256_102ffe215b1e1c39e1225cb39dfeb10a20a08c5b10f836490fc1501c6eb9e930" score = 75 
@@ -102568,8 +102568,8 @@ rule ELASTIC_Windows_Trojan_Sliver_46525B49 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Sliver.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Sliver.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ecce5071c28940a1098aca3124b3f82e0630c4453f4f32e1b91576aac357ac9c" logic_hash = "v1_sha256_6e61d82b191a740882bcfeac2f2cf337e19ace7b05784ff041b6af2f79ed8809" score = 75 @@ -102598,8 +102598,8 @@ rule ELASTIC_Windows_Trojan_Sliver_C9Cae357 : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Sliver.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Sliver.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "27210d8d6e16c492c2ee61a59d39c461312f5563221ad4a0917d4e93b699418e" logic_hash = "v1_sha256_fea862352981787055961b1171de9b69a9c13d246f434809c8f4416d5c49a0ff" score = 75 
@@ -102627,8 +102627,8 @@ rule ELASTIC_Windows_Trojan_Sliver_1Dd6D9C2 : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Sliver.yar#L42-L61" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Sliver.yar#L42-L61" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dc508a3e9ea093200acfc1ceebebb2b56686f4764fd8c94ab8c58eec7ee85c8b" logic_hash = "v1_sha256_5ef70322a6ee3dec609d2881b7624d25bc0297a2e6f43ac60834745e6a258cf3" score = 75 @@ -102657,8 +102657,8 @@ rule ELASTIC_Linux_Rootkit_Suterusu_94667Bf2 : FILE MEMORY date = "2024-11-14" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Suterusu.yar#L1-L60" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Suterusu.yar#L1-L60" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "753fd579a684e09a70ae0fd147441c45d24a5acae94a78a92e393058c3b69506" logic_hash = "v1_sha256_a02e2d05bc3bee902829087e21dcc7ed19320336c7d66d3938b0b9fd4c298bcb" score = 75 
@@ -102727,8 +102727,8 @@ rule ELASTIC_Windows_Infostealer_Generic_Acde9261 : FILE MEMORY date = "2024-10-21" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Infostealer_Generic.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Infostealer_Generic.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b46239c47a835757bba49078728f693b7273b0e3755e2968deac4aa92e90364d" logic_hash = "v1_sha256_86897117295bdcf79fad9f2ad939fabe89e3770309122ba142c7a26c926148c5" score = 75 @@ -102760,8 +102760,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_C42Fd06D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Uwamson.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Uwamson.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80" logic_hash = "v1_sha256_4ff7aad11adaae8fccb23d36fc96937ba48a5517895a742f2864ba1973f3db3a" score = 75 
@@ -102789,8 +102789,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_D08B1D2E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Uwamson.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Uwamson.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4f7ad24b53b8e255710e4080d55f797564aa8c270bf100129bdbe52a29906b78" logic_hash = "v1_sha256_8f489bb020397beae91f7bce82bc1b47912deab1b79224158f79c53f1d7c7fd3" score = 75 @@ -102818,8 +102818,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_0797De34 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Uwamson.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Uwamson.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e4699e35ce8091f97decbeebff63d7fa8c868172a79f9d9d52b6778c3faab8f2" logic_hash = "v1_sha256_7ab5dd99d8bbef61ec764900df5bebf39ed90833a8f9481c427cbb46faf2c521" score = 75 
@@ -102847,8 +102847,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_41E36585 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Uwamson.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Uwamson.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80" logic_hash = "v1_sha256_e176523afe8c3394ddda41a5ef11f825fed1e149476709a7c1ea26b8af72d4fc" score = 75 @@ -102876,8 +102876,8 @@ rule ELASTIC_Windows_Hacktool_Chromekatz_Fa232Bba : FILE MEMORY date = "2024-03-27" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_ChromeKatz.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_ChromeKatz.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3f6922049422df14f1a1777001fea54b18fbfb0a4b03c4ee27786bfbc3b8ab87" logic_hash = "v1_sha256_c86291fadd51845cbd7428b159e401d78ac77090e14e34d06bf7bf2018f4502a" score = 75 
@@ -102914,8 +102914,8 @@ rule ELASTIC_Linux_Cryptominer_Minertr_9901E275 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Minertr.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Minertr.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f77246a93782fd8ee40f12659f41fccc5012a429a8600f332c67a7c2669e4e8f" logic_hash = "v1_sha256_a18e0763fe9aec6d89b39cefb872b1751727e2d88ec4733b9c8b443b83219763" score = 75 @@ -102943,8 +102943,8 @@ rule ELASTIC_Windows_Trojan_Poshc2_E2D3881E : FILE MEMORY date = "2023-03-29" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_PoshC2.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_PoshC2.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7a718a4f74656346bd9a2e29e008705fc2b1c4d167a52bd4f6ff10b3f2cd9395" logic_hash = "v1_sha256_4f3e2a9f22826a155a3007193a0f75a5fde6e423734a60f30628ea3bb33d3457" score = 75 
@@ -102979,8 +102979,8 @@ rule ELASTIC_Windows_Ransomware_Crytox_29859242 : FILE MEMORY date = "2024-01-18" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Crytox.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Crytox.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "55a27cb6280f31c077987d338151b13e9dc0cc1c14d47a32e64de6d6c1a6a742" logic_hash = "v1_sha256_47ca96e14b2b56bc6ef1ed22b42adac7aa557170632c2dc085fae3baf6198f40" score = 75 @@ -103008,8 +103008,8 @@ rule ELASTIC_Linux_Rootkit_Jynx_C470Eaff : FILE MEMORY date = "2024-11-14" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Jynx.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Jynx.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "79c2ae1a95b44f3df42d669cb44db606d2088c5c393e7de5af875f255865ecb4" logic_hash = "v1_sha256_02d1ec1670089a3d9743e57a8dd504f57cea897eca0f896c129fd4f30f24e700" score = 75 
@@ -103047,8 +103047,8 @@ rule ELASTIC_Windows_Hacktool_Sharpview_2C7603Ad : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpView.yar#L1-L34" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpView.yar#L1-L34" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93" logic_hash = "v1_sha256_1f80b2fd6121c2b36742c819a56626af2e1450dac0f62c67d93f09e4e140b75f" score = 75 @@ -103091,8 +103091,8 @@ rule ELASTIC_Windows_Trojan_Microbackdoor_903E33C3 : FILE MEMORY date = "2022-03-07" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_MicroBackdoor.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_MicroBackdoor.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fbbfcc81a976b57739ef13c1545ea4409a1c69720469c05ba249a42d532f9c21" logic_hash = "v1_sha256_5f96f68df442eb1da21d87c3ae954c4e36cf87db583cbef1775f8ca9e76b776e" score = 75 
@@ -103120,8 +103120,8 @@ rule ELASTIC_Windows_Trojan_Microbackdoor_46F2E5Fd : FILE MEMORY date = "2022-03-07" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_MicroBackdoor.yar#L21-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_MicroBackdoor.yar#L21-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fbbfcc81a976b57739ef13c1545ea4409a1c69720469c05ba249a42d532f9c21" logic_hash = "v1_sha256_580be4c5b058916c2bc67a7964522a7c369bb254394e3cedbf0da025105231c4" score = 75 @@ -103154,8 +103154,8 @@ rule ELASTIC_Linux_Hacktool_Tcpscan_334D0Ca5 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Tcpscan.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Tcpscan.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "62de04185c2e3c22af349479a68ad53c31b3874794e7c4f0f33e8d125c37f6b0" logic_hash = "v1_sha256_94ee723c660294e35caec5a2b66eeea64896265cfebc839ed3f55cf8f8c67d7e" score = 75 
@@ -103183,8 +103183,8 @@ rule ELASTIC_Linux_Trojan_Lady_75F6392C : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Lady.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Lady.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c257ac7bd3a9639e0d67a7db603d5bc8d8505f6f2107a26c2615c5838cf11826" logic_hash = "v1_sha256_5160b6ab4800c72b48b501787f3164c2ba1061a2abe21c63180e02d6791a4c12" score = 75 @@ -103212,8 +103212,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_A82F5D21 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Meterpreter.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Meterpreter.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_d76886222de7292e8a76717f6d49452f52aaffb957bb0326bcfc7a35c3fdfc6a" score = 75 quality = 75 
@@ -103240,8 +103240,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_383C6708 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Meterpreter.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Meterpreter.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d9d607f0bbc101f7f6dc0f16328bdd8f6ddb8ae83107b7eee34e1cc02072cb15" logic_hash = "v1_sha256_b0fd479722ab0808a4709cbacbb874282c48a425f4dbdaec9f74bc7f839c82e4" score = 75 @@ -103269,8 +103269,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_621054Fe : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Meterpreter.yar#L40-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Meterpreter.yar#L40-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_18f22bb0aa66ec2ecdaa9ca0e0d00ee59a2c9a3f231bd71915140e4464a4ea78" score = 75 quality = 75 
@@ -103297,8 +103297,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_1Bda891E : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Meterpreter.yar#L59-L76" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Meterpreter.yar#L59-L76" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_74e7547472117de20159f5b158cee0ccacc02a9aba5e5ad64a52c552c966d539" score = 75 quality = 75 @@ -103325,8 +103325,8 @@ rule ELASTIC_Macos_Creddump_Keychainaccess_535C1511 : FILE MEMORY date = "2023-04-11" modified = "2024-08-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Creddump_KeychainAccess.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Creddump_KeychainAccess.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_c2995263622d62b11db93f7d163a7595e316ec24b51099f434bc5dbd0afefbfe" score = 75 quality = 49 
@@ -103360,8 +103360,8 @@ rule ELASTIC_Windows_Trojan_Jesterstealer_B35C6F4B : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_JesterStealer.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_JesterStealer.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "10c3846867f70dd26c5a54332ed22070c9e5e0e4f52f05fdae12ead801f7933b" logic_hash = "v1_sha256_acc49348267e963af9ff6ba7afa053d4056d4068b4386a872e33e025790ba759" score = 75 @@ -103395,8 +103395,8 @@ rule ELASTIC_Windows_Trojan_Jesterstealer_8F657F58 : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_JesterStealer.yar#L27-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_JesterStealer.yar#L27-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "10c3846867f70dd26c5a54332ed22070c9e5e0e4f52f05fdae12ead801f7933b" logic_hash = "v1_sha256_20a0d8be9c25d50d4dddd455ecb9739f772f57e988855c7fc2df597b2f67585b" score = 75 
@@ -103424,8 +103424,8 @@ rule ELASTIC_Linux_Trojan_Ircbot_Bb204B81 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ircbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ircbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6147481d083c707dc98905a1286827a6e7009e08490e7d7c280ed5a6356527ad" logic_hash = "v1_sha256_90d211c11281f5f8832210f3fc087fe5ff5a519b9b38628835e8b5fcc560bd9b" score = 75 @@ -103453,8 +103453,8 @@ rule ELASTIC_Linux_Trojan_Ircbot_7C60454D : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ircbot.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ircbot.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "14eeff3516de6d2cb11d6ada4026e3dcee1402940e3a0fb4fa224a5c030049d8" logic_hash = "v1_sha256_90dcd0a3d3f6345e66db0a4f8465e3830eb4e3bcb675db16c60a89e20f935aec" score = 75 
@@ -103482,8 +103482,8 @@ rule ELASTIC_Windows_Trojan_Blister_Cb99A1Df : FILE MEMORY date = "2021-12-21" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Blister.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Blister.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0a7778cf6f9a1bd894e89f282f2e40f9d6c9cd4b72be97328e681fe32a1b1a00" logic_hash = "v1_sha256_deb1be5300d8af12dda868dd5f4ccdbb3ec653bd97c33a09e567c13ecafb9e8a" score = 75 @@ -103513,8 +103513,8 @@ rule ELASTIC_Windows_Trojan_Blister_9D757838 : FILE MEMORY date = "2022-04-26" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Blister.yar#L24-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Blister.yar#L24-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "863de84a39c9f741d8103db83b076695d0d10a7384e4e3ba319c05a6018d9737" logic_hash = "v1_sha256_4d9ce1622d77b2ac8b20b2dfb60ac672752dabab315221a5449ebd3c73a3edca" score = 75 
@@ -103543,8 +103543,8 @@ rule ELASTIC_Windows_Trojan_Blister_68B53E1B : FILE MEMORY date = "2023-08-02" modified = "2023-08-08" reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Blister.yar#L46-L66" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Blister.yar#L46-L66" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5fc79a4499bafa3a881778ef51ce29ef015ee58a587e3614702e69da304395db" logic_hash = "v1_sha256_6d935461406a6b9b39867d52aa5ecb088945ae0f8c56895a67e8565e5a2a3699" score = 75 @@ -103573,8 +103573,8 @@ rule ELASTIC_Windows_Trojan_Blister_487B0966 : FILE MEMORY date = "2023-09-11" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Blister.yar#L68-L89" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Blister.yar#L68-L89" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5fc79a4499bafa3a881778ef51ce29ef015ee58a587e3614702e69da304395db" logic_hash = "v1_sha256_521409d03335205507cc6894e0de3ca627eb966a95a2f8e7b931e552ad78bbb7" score = 75 
@@ -103604,8 +103604,8 @@ rule ELASTIC_Windows_Trojan_Blister_26F8C5F2 : FILE MEMORY date = "2024-09-25" modified = "2024-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Blister.yar#L91-L110" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Blister.yar#L91-L110" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cba30fb1731e165acc256d99d32f3c9e5abfa27d152419d24a91d8b79c5c5cb0" logic_hash = "v1_sha256_dc87a3ae4edf0b8ee18cb7c34f9b4a0305c504b7ef66cb3232c91dc364d3563c" score = 75 @@ -103634,8 +103634,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_3C43D4A7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ipstorm.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ipstorm.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5103133574615fb49f6a94607540644689be017740d17005bc08b26be9485aa7" logic_hash = "v1_sha256_c7e9191312197f8925d7231d0b8badf8b5ca35685df909c0d1feb301b4385d7b" score = 75 
@@ -103663,8 +103663,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_F9269F00 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ipstorm.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ipstorm.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5103133574615fb49f6a94607540644689be017740d17005bc08b26be9485aa7" logic_hash = "v1_sha256_5914d222b49aaf6c1040e48ffd93c04bd5df25f1d97bde79b034862fca6555f6" score = 75 @@ -103692,8 +103692,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_08Bcf61C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Ipstorm.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Ipstorm.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "503f293d84de4f2c826f81a68180ad869e0d1448ea6c0dbf09a7b23801e1a9b9" logic_hash = "v1_sha256_fb2755c04b61d19788a92b8c9c1c9eb2552b62b27011e302840fdcf689b3d9b4" score = 75 
@@ -103721,8 +103721,8 @@ rule ELASTIC_Windows_PUP_Generic_198B73Aa : FILE MEMORY date = "2023-07-27" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_PUP_Generic.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_PUP_Generic.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_a584c34b9dfc2d78bf8a1e594a2ed519d20088184ce1df09e679b2400aa396d3" score = 75 quality = 75 @@ -103751,8 +103751,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_79D52Efd : FILE MEMORY CVE_2010_3301 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "53a2163ad17a414d9db95f5287d9981c9410e7eaeea096610ba622eb763a6970" logic_hash = "v1_sha256_1d4eb14042f552aa1577d0fe452e92c25bda66d0ad1a66e824677bee65908578" score = 75 
@@ -103780,8 +103780,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_D0Eb0924 : FILE MEMORY CVE_2010_3301 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "907995e90a80d3ace862f2ffdf13fd361762b5acc5397e14135d85ca6a61619b" logic_hash = "v1_sha256_5229be3d1997ee4d05846d6804ffafd36c088dd8607a1fba39a0a43950e448c1" score = 75 @@ -103809,8 +103809,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_A5828970 : FILE MEMORY CVE_2010_3301 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4fc781f765a65b714ec27080f25c03f20e06830216506e06325240068ba62d83" logic_hash = "v1_sha256_61b0cb38a6e14efee157547e811450d2ed4674f79ac86656a8d984084f71a665" score = 75 
@@ -103838,8 +103838,8 @@ rule ELASTIC_Multi_Trojan_Coreimpact_37703Dc3 : FILE MEMORY date = "2022-08-10" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Trojan_Coreimpact.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Trojan_Coreimpact.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2d954908da9f63cd3942c0df2e8bb5fe861ac5a336ddef2bd0a977cebe030ad7" logic_hash = "v1_sha256_0695f22d6eb8c1b335c43213087539db419562bebd6f5b948cbb168c454bd37c" score = 75 @@ -103871,8 +103871,8 @@ rule ELASTIC_Windows_Attacksimulation_Hovercraft_F5C7178F : FILE MEMORY date = "2022-05-23" modified = "2022-07-18" reference = "046645b2a646c83b4434a893a0876ea9bd51ae05e70d4e72f2ccc648b0f18cb6" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_AttackSimulation_Hovercraft.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_AttackSimulation_Hovercraft.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_e707e89904a5fa4d30f94bfc625b736a411df6bb055c0e40df18ae65025a3740" score = 75 quality = 75 
@@ -103900,8 +103900,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_9Ac1654B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_5de1f43803f3d3b94149ea39ed961e7b9a1ad86c15c5085e2e0a5f9c314e98ff" score = 75 quality = 75 @@ -103928,8 +103928,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_Dd167Aa0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L20-L37" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L20-L37" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_88be4fbb337fa866e126021b40a01d86a33029071af7efc289a8c5490d21ea8a" score = 75 quality = 75 
@@ -103956,8 +103956,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_B25398Dd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L39-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L39-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6fb3b77be0a66a10124a82f9ec6ad22247d7865a4d26aa49c5d602320318ce3c" logic_hash = "v1_sha256_e7fdb3c573909e8f197417278a6d333cc3743b05257d81fed46769b185354183" score = 75 @@ -103985,8 +103985,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_6A279F19 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L59-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L59-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5b01f72b2c53db9b8f253bb98c6584581ebd1af1b1aaee62659f54193c269fca" logic_hash = "v1_sha256_91e3c0d96fe5ab9c61b38f01d39639020ec459bec6348b1f87a2c5b1a874e24a" score = 75 
@@ -104014,8 +104014,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_4E7945A4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L79-L97" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L79-L97" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "b7504ce57787956e486d951b4ff78d73807fcc2a7958b172febc6d914e7a23a7" logic_hash = "v1_sha256_aebc544076954fcce917e026467a8828b18446ce7c690b4c748562e311b7d491" score = 75 @@ -104043,8 +104043,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_29C1C386 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L99-L117" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L99-L117" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fc73bbfb12c64d2f20efa22a6d8d8c5782ef57cb0ca6d844669b262e80db2444" logic_hash = "v1_sha256_1a3a9065cbb59658c06dfbfc622ccd2e577e988370ffe47848a5859f96db4e24" score = 75 
@@ -104072,8 +104072,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_25B63F54 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L119-L136" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L119-L136" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_640ffe2040e382ad536c1b6947e05f8c25ff82897ef7ac673a7676815856a346" score = 75 quality = 75 @@ -104100,8 +104100,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_73E2373E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L138-L156" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L138-L156" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fc73bbfb12c64d2f20efa22a6d8d8c5782ef57cb0ca6d844669b262e80db2444" logic_hash = "v1_sha256_2377da6667860dc7204760ee64213cba95909c9181bd1a3ea96c3ad29988c9f7" score = 75 
@@ -104129,8 +104129,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_B8552Fff : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L158-L176" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L158-L176" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa" logic_hash = "v1_sha256_476b800422b6d98405d8bde727bb589c5cae36723436b269beaa65381b3d0abe" score = 75 @@ -104158,8 +104158,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_83550472 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L178-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L178-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d2d8421ffdcebb7fed00edcf306ec5e86fc30ad3e87d55e85b05bea5dc1f7d63" logic_hash = "v1_sha256_f62d4a2a7dfb312b2e362844bfa29bd4453a05f31b4f72550ef29ff40ed6fb9d" score = 75 
@@ -104187,8 +104187,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_8799D8D6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L198-L216" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L198-L216" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4a6d98eae8951e5b9e0a226f1197732d6d14ed45c1b1534d3cdb4413261eb352" logic_hash = "v1_sha256_4bcd7931aeed09069d5dd248a66f119a2bdf628e03b9abed9ee2de59a149c2bc" score = 75 @@ -104216,8 +104216,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_0F7C5375 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L218-L236" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L218-L236" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e75be5377ad65abdc69e6c7f9fe17429a98188a217d0ca3a6f40e75c4f0c07e8" logic_hash = "v1_sha256_05f4b16a7e4c7ffbc6b8a2f60050a4ac1d05d9efbe948e2da689055f6383cf82" score = 75 
@@ -104245,8 +104245,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_87639Dbd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L238-L256" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L238-L256" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d2d8421ffdcebb7fed00edcf306ec5e86fc30ad3e87d55e85b05bea5dc1f7d63" logic_hash = "v1_sha256_b81af8c9baee999b91e63f97d5a46451d9960487b25b04079df5539f857be466" score = 75 @@ -104274,8 +104274,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_Cdd631C1 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L258-L276" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L258-L276" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "91549c171ae7f43c1a85a303be30169932a071b5c2b6cf3f4913f20073c97897" logic_hash = "v1_sha256_5e4b26a74fc3737c068917c7c1228048f885ac30fc326a2844611f7e707d1300" score = 75 
@@ -104303,8 +104303,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_209B02Dd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Camelot.yar#L278-L296" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Camelot.yar#L278-L296" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "60d33d1fdabc6b10f7bb304f4937051a53d63f39613853836e6c4d095343092e" logic_hash = "v1_sha256_5cadc955242d4b7d5fd4365a0b425051d89c905e3d49ea03967150de0020225c" score = 75 @@ -104332,8 +104332,8 @@ rule ELASTIC_Windows_Vulndriver_Microstar_D72B85B2 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_MicroStar.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_MicroStar.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3ed15a390d8dfbd8a8fb99e8367e19bfd1cced0e629dfe43ccdb46c863394b59" logic_hash = "v1_sha256_04e9c1f318acae5544cdc826938383bf8f6c6b838cb5828a7097383ac564f404" score = 75 
@@ -104363,8 +104363,8 @@ rule ELASTIC_Macos_Hacktool_Bifrost_39Bcbdf8 : FILE MEMORY date = "2021-10-12" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Hacktool_Bifrost.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Hacktool_Bifrost.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e2b64df0add316240b010db7d34d83fc9ac7001233259193e5a72b6e04aece46" logic_hash = "v1_sha256_a2ff4f1aca51e80f2b277e9171e99a80a75177d1d17d487de2eb8872832cb0d5" score = 75 @@ -104400,8 +104400,8 @@ rule ELASTIC_Linux_Cryptominer_Zexaf_B90E7683 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Zexaf.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Zexaf.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "98650ebb7e463a06e737bcea4fd2b0f9036fafb0638ba8f002e6fe141b9fecfe" logic_hash = "v1_sha256_d8485d8fbf00d5c828d7c6c80fef61f228f308e3d27a762514cfb3f00053b30b" score = 75 
@@ -104429,8 +104429,8 @@ rule ELASTIC_Windows_Vulndriver_Directio_7Bea6C8F : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_DirectIo.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_DirectIo.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1dadd707c55413a16320dc70d2ca7784b94c6658331a753b3424ae696c5d93ea" logic_hash = "v1_sha256_3b148fed9c52af1d2d1eb18b6c4b191fb80e547f2da1beccdaf3d3e0237ecc1b" score = 75 @@ -104459,8 +104459,8 @@ rule ELASTIC_Windows_Vulndriver_Directio_Abe8Bfa6 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_DirectIo.yar#L22-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_DirectIo.yar#L22-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d84e3e250a86227c64a96f6d5ac2b447674ba93d399160850acb2339da43eae5" logic_hash = "v1_sha256_5224938b0381943a171b1db00249e71c43ce2c179ef4bbe14b46cc0787e35cb2" score = 75 
@@ -104489,8 +104489,8 @@ rule ELASTIC_Windows_Vulndriver_Vbox_3315863F : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_VBox.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_VBox.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "42d926cfb3794f9b1e3cb397498696cb687f505e15feb9df11b419c49c9af498" logic_hash = "v1_sha256_ba4e6a94516e36dcd6140b6732d959703e2c58a79add705b9260001ea26db738" score = 75 @@ -104519,8 +104519,8 @@ rule ELASTIC_Windows_Vulndriver_Vbox_1B1C5Cd5 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_VBox.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_VBox.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1684e24dae20ab83ab5462aa1ff6473110ec53f52a32cfb8c1fe95a2642c6d22" logic_hash = "v1_sha256_5fcfffea021aee8d18172383df0e65f8c618fab545c800f1a7b659e8112c6c0f" score = 75 
@@ -104550,8 +104550,8 @@ rule ELASTIC_Linux_Trojan_Pornoasset_927F314F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Pornoasset.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Pornoasset.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93" logic_hash = "v1_sha256_7267375346c1628e04c8272c24bde04a5d6ae2b420f64dfe58657cfc3eecc0e7" score = 75 @@ -104579,8 +104579,8 @@ rule ELASTIC_Windows_Virus_Floxif_493D1897 : FILE MEMORY date = "2023-09-26" modified = "2023-11-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Virus_Floxif.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Virus_Floxif.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e628b7973ee25fdfd8f849fdf5923c6fba48141de802b0b4ce3e9ad2e40fe470" logic_hash = "v1_sha256_d3f516966bd4423c49771251075a1ea2f725aec91615f7f44dd098da2a4f3574" score = 75 
@@ -104608,8 +104608,8 @@ rule ELASTIC_Linux_Packer_Patched_UPX_62E11C64 : FILE date = "2021-06-08" modified = "2021-07-28" reference = "https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Packer_Patched_UPX.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Packer_Patched_UPX.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669" logic_hash = "v1_sha256_cb576fdd59c255234a96397460b81cbb2deeb38befaed101749b7bb515624028" score = 75 @@ -104637,8 +104637,8 @@ rule ELASTIC_Windows_Vulndriver_Truesight_7429Ac81 : FILE MEMORY date = "2024-06-21" modified = "2024-09-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_TrueSight.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_TrueSight.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bfc2ef3b404294fe2fa05a8b71c7f786b58519175b7202a69fe30f45e607ff1c" logic_hash = "v1_sha256_8490947a632ca32822231631e19e52380b8b1a26c74c697d36898b0facbfcc9c" score = 75 
@@ -104667,8 +104667,8 @@ rule ELASTIC_Windows_Hacktool_Edrrecon_69453Aff : FILE MEMORY date = "2024-03-07" modified = "2024-06-10" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_EDRrecon.yar#L1-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_EDRrecon.yar#L1-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f62e51b2405c0d42c53ff1f560376ef0530ba2eea1c97e18f2a3cf148346bcd1" logic_hash = "v1_sha256_3d0f6dc5d47a3c0957a7aa8d2918fee113d079d7d74f37a1c17c5429034ba41f" score = 75 @@ -104736,8 +104736,8 @@ rule ELASTIC_Windows_Hacktool_Edrrecon_Ca314Aa1 : FILE MEMORY date = "2024-03-07" modified = "2024-06-10" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_EDRrecon.yar#L61-L115" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_EDRrecon.yar#L61-L115" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f62e51b2405c0d42c53ff1f560376ef0530ba2eea1c97e18f2a3cf148346bcd1" logic_hash = "v1_sha256_04b8681b0b6f8fa51eb90488edf35638da3334886c7db5fc22218712b0d23007" score = 75 
@@ -104801,8 +104801,8 @@ rule ELASTIC_Windows_Vulndriver_Segwin_04A3962E : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Segwin.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Segwin.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd" logic_hash = "v1_sha256_1e9ba5fc78f2b4eeee56314c9e8cf3071817d726b44cb8510f8d7069e85ab7bf" score = 75 @@ -104832,8 +104832,8 @@ rule ELASTIC_Windows_Trojan_Cryptbot_489A6562 : FILE MEMORY date = "2021-08-18" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Cryptbot.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Cryptbot.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "423563995910af04cb2c4136bf50607fc26977dfa043a84433e8bd64b3315110" logic_hash = "v1_sha256_7fee3cc67419e66de790ba2ad8c3102425b3a45bdfe31801758dd38021a8439b" score = 75 
@@ -104865,8 +104865,8 @@ rule ELASTIC_Linux_Trojan_Adlibrary_2E908E5F : FILE MEMORY date = "2022-08-23" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Adlibrary.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Adlibrary.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "acb22b88ecfb31664dc07b2cb3490b78d949cd35a67f3fdcd65b1a4335f728f1" logic_hash = "v1_sha256_0d0df636876adf0268b7a409bfc9d8bfad298793d11297596ef91aeba86889da" score = 75 @@ -104894,8 +104894,8 @@ rule ELASTIC_Windows_Vulndriver_Toshibabios_2891972A : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_ToshibaBios.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_ToshibaBios.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073" logic_hash = "v1_sha256_c253181a754f421ee36ced994412672770497756848d78d557907957486e711b" score = 75 
@@ -104925,8 +104925,8 @@ rule ELASTIC_Windows_Trojan_Pizzapotion_D334C613 : FILE MEMORY date = "2023-09-13" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_PizzaPotion.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_PizzaPotion.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "37bee101cf34a84cba49adb67a555c6ebd3b8ac7c25d50247b0a014c82630003" logic_hash = "v1_sha256_de7d395c8a993abf9858858e56ba0ec4acbf0fa1c8bfe4a34ae95be2205967fc" score = 75 @@ -104959,8 +104959,8 @@ rule ELASTIC_Windows_Ransomware_Mespinoza_3Adb59F5 : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Mespinoza.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Mespinoza.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6f3cd5f05ab4f404c78bab92f705c91d967b31a9b06017d910af312fa87ae3d6" logic_hash = "v1_sha256_28c8ad42a3af70fed274edc9105dae5cef13749d71510561a50428c822464934" score = 75 
@@ -104990,8 +104990,8 @@ rule ELASTIC_Windows_Trojan_Gh0St_Ee6De6Bc : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Gh0st.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Gh0st.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ea1dc816dfc87c2340a8b8a77a4f97618bccf19ad3b006dce4994be02e13245d" logic_hash = "v1_sha256_3619df974c9f4ec76899afbafdfd6839070714862c7361be476cf8f83e766e2f" score = 75 @@ -105023,8 +105023,8 @@ rule ELASTIC_Windows_Ransomware_Agenda_D7B1Af3F : FILE MEMORY date = "2024-09-10" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Agenda.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Agenda.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "117fc30c25b1f28cd923b530ab9f91a0a818925b0b89b8bc9a7f820a9e630464" logic_hash = "v1_sha256_a68330bf98ae200ff2d0da51836436f2bdff5c10eb4e0145502f688055980493" score = 75 
@@ -105055,8 +105055,8 @@ rule ELASTIC_Windows_Vulndriver_Gdrv_5368078B : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_GDrv.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_GDrv.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427" logic_hash = "v1_sha256_f4d43ac4a4b6d879ffb5ba637b38ec75c8b57f531db644015c1a71c2cdea45d5" score = 75 @@ -105086,8 +105086,8 @@ rule ELASTIC_Windows_Ransomware_Whispergate_C80F3B4B : FILE MEMORY date = "2022-01-17" modified = "2022-01-17" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_WhisperGate.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_WhisperGate.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92" logic_hash = "v1_sha256_04452141a867d4f6fce618c21795cc142a1265b56c62ecb9e579003d36b4b2b9" score = 75 
@@ -105116,8 +105116,8 @@ rule ELASTIC_Windows_Ransomware_Whispergate_3476008E : FILE MEMORY date = "2022-01-18" modified = "2022-01-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_WhisperGate.yar#L22-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_WhisperGate.yar#L22-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d" logic_hash = "v1_sha256_729818df1b6b82fc00eba0fe1c9139ec4746e1775146ab7fdea9e25dec1cddea" score = 75 @@ -105148,8 +105148,8 @@ rule ELASTIC_Windows_Vulndriver_BSMI_65223B8D : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_BSMI.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_BSMI.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347" logic_hash = "v1_sha256_c4fa65bbd9d374092137b65209f29744caeb8b04fbd364b1acc67b73c45604e8" score = 75 
@@ -105179,8 +105179,8 @@ rule ELASTIC_Linux_Rootkit_Brokepkg_7B7D4581 : FILE MEMORY date = "2024-11-13" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_BrokePKG.yar#L1-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_BrokePKG.yar#L1-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "97c5e011c7315a05c470eef4032030e461ec2a596513703beedeec0b0c6ed2da" logic_hash = "v1_sha256_a4e5916fa0ca6b07fcbb6f970abb0212a970cf723b906e605c18e620efc501dc" score = 75 @@ -105227,8 +105227,8 @@ rule ELASTIC_Windows_Hacktool_Dcsyncer_425579C5 : FILE MEMORY date = "2021-09-15" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Dcsyncer.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Dcsyncer.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "af7dbc84efeb186006d75d095f54a266f59e6b2348d0c20591da16ae7b7d509a" logic_hash = "v1_sha256_b0330adf1d4420ddf1f302974d2e4179f52ab1c8dc2f294ddf52286d714e0463" score = 75 
@@ -105260,8 +105260,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_66197D54 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "v1_sha256_7bccf37960e2f197bb0021ecb12872f0f715b674d9774d02ec4e396f18963029" score = 75 @@ -105297,8 +105297,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_E8Ed269C : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L29-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L29-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "v1_sha256_c56b6dfb2c3ae657615c825a4d5d5640c2204fa4217262e1ccb4359d5a914a63" score = 75 
@@ -105336,8 +105336,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_413Caa6B : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L59-L87" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L59-L87" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "v1_sha256_4f2417d61be5e68630408a151cd73372aef9e7f4638acf4e80bfa5b2811119a7" score = 75 @@ -105375,8 +105375,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_23Fee092 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L89-L115" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L89-L115" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "v1_sha256_ed019c9198b5d9ff8392bfd7e0b23a7b1383eabce4c71c665a3ca4a943c8b6ee" score = 75 
@@ -105412,8 +105412,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_861D3264 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L117-L145" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L117-L145" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "v1_sha256_e6a0a0a24c70d69c0aa56063d2db0f5a0fedcda5b96d945ac14520524b1d00fd" score = 75 @@ -105451,8 +105451,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_57587F8C : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L147-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L147-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "v1_sha256_175b8b6f9fca189f2fc41f1029ad512db2c8b0e52ea04bfbc3d410d355928ab9" score = 75 
@@ -105490,8 +105490,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_Cae025B1 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L177-L203" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L177-L203" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "v1_sha256_9c34443cffed43513242321e2170484dbb0d41b251aee8ea640d44da76918122" score = 75 @@ -105527,8 +105527,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_4A9B9603 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L205-L231" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L205-L231" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "v1_sha256_8d78483b54d3be6988b1f5df826b8709b7aa2045ff3a3e754c359365d053bb27" score = 75 
@@ -105564,8 +105564,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_4Db2C852 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L233-L261" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L233-L261" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "v1_sha256_88c88103a055d25ba97f08e2f47881001ad8a2200a33ac04246494963dfe6638" score = 75 @@ -105603,8 +105603,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_Bcedc8B2 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L263-L291" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L263-L291" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "v1_sha256_7f0a6a9168b5ff7cc02ccadd211cc8096307651be65c2b3e7cc9fdbbde08ab9f" score = 75 
@@ -105642,8 +105642,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_B6Bb3E7C : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L293-L321" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L293-L321" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "v1_sha256_e2eaf91b9c5d3616fb2f6f6bc4b44841b1efa3b4efe7ac72afe225728523af75" score = 75 @@ -105681,8 +105681,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_94474B0B : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L323-L351" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L323-L351" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "v1_sha256_e209c9ce1f4b11c5fdeade3298329d62f5cf561403c87077d94b6921e81ffaea" score = 75 
@@ -105720,8 +105720,8 @@ rule ELASTIC_Linux_Trojan_Cerbu_69D5657E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Cerbu.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Cerbu.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "f10bf3cf2fdfbd365d3c2d8dedb2d01b85236eaa97d15370dbcb5166149d70e9" logic_hash = "v1_sha256_644e8d5a1b5c8618e71497f21b0244215924e293e274b9164692dd927cd74ba8" score = 75 @@ -105749,8 +105749,8 @@ rule ELASTIC_Windows_Trojan_Guloader_8F10Fa66 : FILE MEMORY date = "2021-08-17" modified = "2021-10-04" reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Guloader.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Guloader.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a3e2d5013b80cd2346e37460753eca4a4fec3a7941586cc26e049a463277562e" logic_hash = "v1_sha256_f2cd08f6a32c075dc0294a0e26c51e686babc54ced4faa1873368c8821f0bfef" score = 75 
@@ -105782,8 +105782,8 @@ rule ELASTIC_Windows_Trojan_Guloader_C4D9Dd33 : FILE MEMORY date = "2021-08-17" modified = "2021-10-04" reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Guloader.yar#L26-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Guloader.yar#L26-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a3e2d5013b80cd2346e37460753eca4a4fec3a7941586cc26e049a463277562e" logic_hash = "v1_sha256_623ea751fc32648720bda40598024d4d5b6a9a11b3cce3c9427310ba17745643" score = 75 @@ -105811,8 +105811,8 @@ rule ELASTIC_Windows_Trojan_Guloader_2F1E44C8 : FILE MEMORY date = "2023-10-30" modified = "2023-11-02" reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Guloader.yar#L47-L70" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Guloader.yar#L47-L70" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6ae7089aa6beaa09b1c3aa3ecf28a884d8ca84f780aab39902223721493b1f99" logic_hash = "v1_sha256_434b33c3fdc6bf4b0f59cd4aba66327d0b7ab524be603b256494d46b609cecd5" score = 75 
@@ -105844,8 +105844,8 @@ rule ELASTIC_Linux_Ransomware_Hive_Bdc7De59 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Hive.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Hive.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "713b699c04f21000fca981e698e1046d4595f423bd5741d712fd7e0bc358c771" logic_hash = "v1_sha256_33908128258843d63c5dfe5acf15cfd68463f5cbdf08b88ef1bba394058a5a92" score = 75 @@ -105873,8 +105873,8 @@ rule ELASTIC_Windows_Trojan_Glupteba_70557305 : FILE MEMORY date = "2021-08-08" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Glupteba.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Glupteba.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3ad13fd7968f9574d2c822e579291c77a0c525991cfb785cbe6cdd500b737218" logic_hash = "v1_sha256_f3eee9808a1e8a2080116dda7ce795815e1179143c756ea8fdd26070f1f8f74a" score = 75 
@@ -105907,8 +105907,8 @@ rule ELASTIC_Windows_Trojan_Glupteba_4669Dcd6 : FILE MEMORY date = "2021-08-08" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Glupteba.yar#L26-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Glupteba.yar#L26-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1b55042e06f218546db5ddc52d140be4303153d592dcfc1ce90e6077c05e77f7" logic_hash = "v1_sha256_64b2099f40f94b17bc5860b41773c41322420500696d320399ff1c016cb56e15" score = 75 @@ -105936,8 +105936,8 @@ rule ELASTIC_Windows_Ransomware_Hive_55619Cd0 : FILE MEMORY date = "2021-08-26" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Hive.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Hive.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609" logic_hash = "v1_sha256_51e2b03a9f9b92819bbf05ecbb33a23662a40e7d51f9812aa8243c4506057f1f" score = 75 
@@ -105967,8 +105967,8 @@ rule ELASTIC_Windows_Ransomware_Hive_3Ed67Fe6 : FILE MEMORY date = "2021-08-26" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Hive.yar#L23-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Hive.yar#L23-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609" logic_hash = "v1_sha256_a599f0d528bdbec00afa7e9a5cddec5e799ee755a7f30af70dde7d2459b70155" score = 75 @@ -106000,8 +106000,8 @@ rule ELASTIC_Windows_Ransomware_Hive_B97Ec33B : FILE MEMORY date = "2021-08-26" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Hive.yar#L47-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Hive.yar#L47-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609" logic_hash = "v1_sha256_10034d9f53fd5099a423269e0c42c01eac18318f5d11599e1390912c8fd7af25" score = 75 
@@ -106029,8 +106029,8 @@ rule ELASTIC_Linux_Trojan_Bluez_50E87Fa9 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1e526b6e3be273489afa8f0a3d50be233b97dc07f85815cc2231a87f5a651ef1" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Bluez.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Bluez.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_53754c538a7dea6f06e37980901350feddc3517821ea42544cb96e371709752f" score = 75 quality = 75 @@ -106057,8 +106057,8 @@ rule ELASTIC_Windows_Ransomware_Maze_61254061 : BETA FILE MEMORY date = "2020-04-18" modified = "2021-08-23" reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Maze.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Maze.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_b8537add953cdd7bc6adbff97f7f5a94de028709f0bd71102ee96d26d55f4f20" score = 75 quality = 75 
@@ -106087,8 +106087,8 @@ rule ELASTIC_Windows_Ransomware_Maze_46F40C40 : BETA FILE MEMORY date = "2020-04-18" modified = "2021-10-04" reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Maze.yar#L23-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Maze.yar#L23-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_99180f41aaaf1dfb0a8a40709dcc392fdbc2b2d3a4d4b4a1ab160dd5f2b4c703" score = 75 quality = 75 @@ -106118,8 +106118,8 @@ rule ELASTIC_Windows_Ransomware_Maze_20Caee5B : BETA FILE MEMORY date = "2020-04-18" modified = "2021-08-23" reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Maze.yar#L46-L71" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Maze.yar#L46-L71" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_e09c059b285d2176aeba1a1f70d39f13cef4e05dc023c7db25fb9d92bd9a67d9" score = 75 quality = 75 
@@ -106153,8 +106153,8 @@ rule ELASTIC_Windows_Ransomware_Maze_F88F136F : BETA FILE MEMORY date = "2020-04-18" modified = "2021-08-23" reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Maze.yar#L73-L94" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Maze.yar#L73-L94" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_5587f332a076650f6ad7b1e3b464ef6085d960e6dacf53607cf75c9f9ad07628" score = 75 quality = 75 @@ -106184,8 +106184,8 @@ rule ELASTIC_Linux_Trojan_Winnti_61215D98 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Winnti.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Winnti.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cc1455e3a479602581c1c7dc86a0e02605a3c14916b86817960397d5a2f41c31" logic_hash = "v1_sha256_051cc157f189094d25d45e66e410bdfd61ed7649a4c935d076cec1597c5debf5" score = 75 
@@ -106213,8 +106213,8 @@ rule ELASTIC_Linux_Trojan_Winnti_4C5A1865 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "0d963a713093fc8e5928141f5747640c9b43f3aadc8a5478c949f7ec364b28ad"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Winnti.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Winnti.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_69f6dcba59ec8cd7f4dfe853495a35601e35d74476fad9e18bef7685a68ece51"
 score = 75
 quality = 75
@@ -106241,8 +106241,8 @@ rule ELASTIC_Linux_Trojan_Winnti_6F4Ca425 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "161af780209aa24845863f7a8120aa982aa811f16ec04bcd797ed165955a09c1"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Winnti.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Winnti.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_a1ffc0e3d27c4bb9fd10f14d45b649b4f059c654b31449013ac06d0981ed25ed"
 score = 75
 quality = 75
@@ -106269,8 +106269,8 @@ rule ELASTIC_Linux_Trojan_Winnti_De4B0F6E : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "a6b9b3ea19eaddd4d90e58c372c10bbe37dbfced638d167182be2c940e615710"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Winnti.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Winnti.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_fb7b0ff4757dfc1ba2ca8585d5ddf14aae03063e10bdc2565443362c6ba37c30"
 score = 75
 quality = 75
@@ -106297,8 +106297,8 @@ rule ELASTIC_Windows_Hacktool_Safetykatz_072B7370 : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SafetyKatz.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SafetyKatz.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "89a456943cf6d2b3cd9cdc44f13a23640575435ed49fa754f7ed358c1a3b6ba9"
 logic_hash = "v1_sha256_cedd3ede487371a8e0d29804f2b81ae808c7ad01bd803fa39dc2c50e472cff43"
 score = 75
@@ -106330,8 +106330,8 @@ rule ELASTIC_Windows_Trojan_Jupyter_56152E31 : FILE MEMORY
 date = "2021-07-22"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Jupyter.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Jupyter.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ce486097ad2491aba8b1c120f6d0aa23eaf59cf698b57d2113faab696d03c601"
 logic_hash = "v1_sha256_7b32e9caca744f4f6b48aefa5fda111e6b7ac81a62dd1fb8873d2c800ac3c42b"
 score = 75
@@ -106362,8 +106362,8 @@ rule ELASTIC_Windows_Trojan_Farfli_85D1Bcc9 : FILE MEMORY
 date = "2022-02-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Farfli.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Farfli.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e3e9ea1b547cc235e6f1a78b4ca620c69a54209f84c7de9af17eb5b02e9b58c3"
 logic_hash = "v1_sha256_746eb5a2583077189d82d1a96b499ff383f31220845bd8a6df5b7a7ceb11e6fb"
 score = 75
@@ -106391,8 +106391,8 @@ rule ELASTIC_Windows_Vulndriver_Agent64_8Ef48Aeb : FILE
 date = "2022-07-19"
 modified = "2022-07-19"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Agent64.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Agent64.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748"
 hash = "4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca"
 logic_hash = "v1_sha256_a35f82202507e582e3cbc7018656545fcee1244ec1638a696f0b7c970fd5023c"
@@ -106426,8 +106426,8 @@ rule ELASTIC_Windows_Trojan_Formbook_1112E116 : FILE MEMORY
 date = "2021-06-14"
 modified = "2021-08-23"
 reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Formbook.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Formbook.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a"
 logic_hash = "v1_sha256_ec307a8681fa01fc0c7c0579b0e3eff10e7f373159ad58dae0a358ff16fbc10b"
 score = 75
@@ -106458,8 +106458,8 @@ rule ELASTIC_Windows_Trojan_Formbook_772Cc62D : FILE MEMORY
 date = "2022-05-23"
 modified = "2022-07-18"
 reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Formbook.yar#L25-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Formbook.yar#L25-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_db9ab8df029856fc1c210499ed8e1b92c9722f7aa2264363670c47b51ec8fa83"
 score = 75
 quality = 75
@@ -106489,8 +106489,8 @@ rule ELASTIC_Windows_Trojan_Formbook_5799D1F2 : FILE MEMORY
 date = "2022-06-08"
 modified = "2022-09-29"
 reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Formbook.yar#L48-L67"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Formbook.yar#L48-L67"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8555a6d313cb17f958fc2e08d6c042aaff9ceda967f8598ac65ab6333d14efd9"
 logic_hash = "v1_sha256_8e61eabd11beb9fb35c016983cfb3085f5ceddfc8268522f3b48d20be5b5df6a"
 score = 75
@@ -106518,8 +106518,8 @@ rule ELASTIC_Linux_Ransomware_Blackbasta_96Eb3F20 : FILE MEMORY
 date = "2022-08-06"
 modified = "2022-08-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_BlackBasta.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_BlackBasta.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be"
 logic_hash = "v1_sha256_a5e0b60ba51490f70af53c9fba91e3349c712bebb10574eb4bed028ab961ae74"
 score = 75
@@ -106553,8 +106553,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_Aaf312C3 : FILE MEMORY
 date = "2022-02-02"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Ransomware_BlackCat.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Ransomware_BlackCat.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479"
 logic_hash = "v1_sha256_0771ab5a795af164a568bda036cccf08afeb33458f2cd5a7240349fca9b60ead"
 score = 75
@@ -106583,8 +106583,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_00E525D7 : FILE MEMORY
 date = "2022-02-02"
 modified = "2022-08-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Ransomware_BlackCat.yar#L22-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Ransomware_BlackCat.yar#L22-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479"
 logic_hash = "v1_sha256_e44625d0fa8308b9d4d63a9e6920b4da4a2ce124437f122b2c8fe5cf0ab85a6b"
 score = 75
@@ -106615,8 +106615,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_C4B043E6 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Ransomware_BlackCat.yar#L45-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Ransomware_BlackCat.yar#L45-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "45b8678f74d29c87e2d06410245ab6c2762b76190594cafc9543fb9db90f3d4f"
 logic_hash = "v1_sha256_1262ca76581920f08a6482ead68023fdfff08a9ddd19e00230054e3167dc184c"
 score = 75
@@ -106644,8 +106644,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_70171625 : FILE MEMORY
 date = "2023-01-05"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Ransomware_BlackCat.yar#L65-L91"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Ransomware_BlackCat.yar#L65-L91"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479"
 logic_hash = "v1_sha256_fd07acd7c8627754f000c44827848bf65bcaa96f2dfb46e41542f3c9b40eee78"
 score = 75
@@ -106681,8 +106681,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_E066D802 : FILE MEMORY
 date = "2023-07-27"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Ransomware_BlackCat.yar#L93-L113"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Ransomware_BlackCat.yar#L93-L113"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "00360830bf5886288f23784b8df82804bf6f22258e410740db481df8a7701525"
 logic_hash = "v1_sha256_00fbb8013faf26c35b6cd8a72ebc246444c37c5ec7a0df2295830e96c01c8720"
 score = 75
@@ -106712,8 +106712,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_0Ffb0A37 : FILE MEMORY
 date = "2023-07-29"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Ransomware_BlackCat.yar#L115-L134"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Ransomware_BlackCat.yar#L115-L134"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "57136b118a0d6d3c71e522ea53e3305dae58b51f06c29cd01c0c28fa0fa34287"
 logic_hash = "v1_sha256_4f28281e4b23868c63438d4800b9e5978426e7c98b6142ef8082cfd251cafe57"
 score = 75
@@ -106742,8 +106742,8 @@ rule ELASTIC_Linux_Trojan_Zerobot_185E2396 : FILE MEMORY
 date = "2022-12-16"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Zerobot.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Zerobot.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f9fc370955490bdf38fc63ca0540ce1ea6f7eca5123aa4eef730cb618da8551f"
 logic_hash = "v1_sha256_caa21cc019d8e4549d976f8b4f98d930ef7acf4c39c41956ae35fa78c975e016"
 score = 75
@@ -106778,8 +106778,8 @@ rule ELASTIC_Linux_Trojan_Zerobot_3A5B56Dd : FILE MEMORY
 date = "2022-12-16"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Zerobot.yar#L28-L51"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Zerobot.yar#L28-L51"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f9fc370955490bdf38fc63ca0540ce1ea6f7eca5123aa4eef730cb618da8551f"
 logic_hash = "v1_sha256_2491fff4ad0327e0440d842f221fb6623c8efd97e2991bf2090abceaef9c2ccf"
 score = 75
@@ -106812,8 +106812,8 @@ rule ELASTIC_Linux_Trojan_Bedevil_A1A72C39 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Bedevil.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Bedevil.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "017a9d7290cf327444d23227518ab612111ca148da7225e64a9f6ebd253449ab"
 logic_hash = "v1_sha256_227adcc340c38cebf56ea2f39b483c965dd46827d83afe5f866ca844c932da76"
 score = 75
@@ -106841,8 +106841,8 @@ rule ELASTIC_Windows_Trojan_Stormkitty_6256031A : FILE MEMORY
 date = "2022-03-21"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_StormKitty.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_StormKitty.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0c69015f534d1da3770dbc14183474a643c4332de6a599278832abd2b15ba027"
 logic_hash = "v1_sha256_a797e87eaf5b173da9dd43fcff03b3d26198dcafa29c3f2ca369773c73001234"
 score = 75
@@ -106875,8 +106875,8 @@ rule ELASTIC_Windows_Trojan_Doorme_246Eda61 : FILE MEMORY
 date = "2022-12-09"
 modified = "2022-12-15"
 reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_DoorMe.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_DoorMe.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "96b226e1dcfb8ea2155c2fa508125472c8c767569d009a881ab4c39453e4fe7f"
 logic_hash = "v1_sha256_01240f2e23904498c34ec805cc8bc3e9ac7b76c6519685ef6b367066f1a0bc5b"
 score = 75
@@ -106909,8 +106909,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_D9A9173A : FILE MEMORY
 date = "2022-11-08"
 modified = "2024-02-13"
 reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Lightning.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Lightning.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "48f9471c20316b295704e6f8feb2196dd619799edec5835734fc24051f45c5b7"
 logic_hash = "v1_sha256_93961d9771aa4e828e15923064a848291c7814ad4e15e30cd252fc41523d789e"
 score = 75
@@ -106941,8 +106941,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_E87C9D50 : FILE MEMORY
 date = "2022-11-08"
 modified = "2024-02-13"
 reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Lightning.yar#L25-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Lightning.yar#L25-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fd285c2fb4d42dde23590118dba016bf5b846625da3abdbe48773530a07bcd1e"
 logic_hash = "v1_sha256_455ecf97e7becaf9c40843f8a3f60ec233d35e0061c6994f168428a8835c1b20"
 score = 75
@@ -106974,8 +106974,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_3Bcac358 : FILE MEMORY
 date = "2022-11-08"
 modified = "2024-02-13"
 reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Lightning.yar#L50-L72"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Lightning.yar#L50-L72"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ad16989a3ebf0b416681f8db31af098e02eabd25452f8d781383547ead395237"
 logic_hash = "v1_sha256_f260372b9f2ea32f93ff7a30dc8239766e713a1e177a483444b14538741c24af"
 score = 75
@@ -107006,8 +107006,8 @@ rule ELASTIC_Windows_Trojan_Qbot_D91C1384 : FILE MEMORY
 date = "2021-07-08"
 modified = "2021-08-23"
 reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Qbot.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Qbot.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "18ac3870aaa9aaaf6f4a5c0118daa4b43ad93d71c38bf42cb600db3d786c6dda"
 logic_hash = "v1_sha256_8fd8249a2af236c92ccbc20b2a8380f69ca75976bd64bad167828e9ab4c6ed90"
 score = 75
@@ -107035,8 +107035,8 @@ rule ELASTIC_Windows_Trojan_Qbot_7D5Dc64A : FILE MEMORY
 date = "2021-10-04"
 modified = "2022-01-13"
 reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Qbot.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Qbot.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a2bacde7210d88675564106406d9c2f3b738e2b1993737cb8bf621b78a9ebf56"
 logic_hash = "v1_sha256_5c8858502050494ab20a230f04c2c1cb4bfcd80f4a248dad82787d7ce67c741d"
 score = 75
@@ -107065,8 +107065,8 @@ rule ELASTIC_Windows_Trojan_Qbot_6Fd34691 : FILE MEMORY
 date = "2022-03-07"
 modified = "2022-04-12"
 reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Qbot.yar#L44-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Qbot.yar#L44-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0838cd11d6f504203ea98f78cac8f066eb2096a2af16d27fb9903484e7e6a689"
 logic_hash = "v1_sha256_9422d9f276f0c8c2990ece3282d918abc6fcce7eeb6809d46ae6b768a501a877"
 score = 75
@@ -107095,8 +107095,8 @@ rule ELASTIC_Windows_Trojan_Qbot_3074A8D4 : FILE MEMORY
 date = "2022-06-07"
 modified = "2022-07-18"
 reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Qbot.yar#L66-L97"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Qbot.yar#L66-L97"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a"
 logic_hash = "v1_sha256_90c06bd09fe640bb5a6be8e4f2384fb15c7501674d57db005e790ed336740c99"
 score = 75
@@ -107136,8 +107136,8 @@ rule ELASTIC_Windows_Trojan_Qbot_1Ac22A26 : FILE MEMORY
 date = "2022-12-29"
 modified = "2023-02-01"
 reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Qbot.yar#L99-L136"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Qbot.yar#L99-L136"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a"
 logic_hash = "v1_sha256_d9beaf4a8c28a0b3c38dda6bf22a96b8c96ef715bd36de880504a9f970338fe2"
 score = 75
@@ -107183,8 +107183,8 @@ rule ELASTIC_Windows_Vulndriver_Elby_65B09743 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Elby.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Elby.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b"
 logic_hash = "v1_sha256_7c7438520b238daf38d4ac91cbdee48bbfa9c85bd76208a436ce59edcfcecb80"
 score = 75
@@ -107214,8 +107214,8 @@ rule ELASTIC_Multi_Trojan_Merlin_32643F4C : FILE MEMORY
 date = "2024-03-01"
 modified = "2024-05-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Trojan_Merlin.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Trojan_Merlin.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "84b988c4656677bc021e23df2a81258212d9ceba13be204867ac1d9d706404e2"
 logic_hash = "v1_sha256_7de2deec0e2c7fd3ce2b42762f88bfe87cb4ffb02b697953aa1716425d6f1612"
 score = 75
@@ -107252,8 +107252,8 @@ rule ELASTIC_Linux_Proxy_Frp_4213778F : FILE MEMORY
 date = "2021-10-20"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Proxy_Frp.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Proxy_Frp.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "16294086be1cc853f75e864a405f31e2da621cb9d6a59f2a71a2fca4e268b6c2"
 logic_hash = "v1_sha256_83eeb632026c38ac08357c27d971da31fbc9a0500ecf489e8332ac5862a77b85"
 score = 75
@@ -107290,8 +107290,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_28B13E67 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Bundlore.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Bundlore.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0b50a38749ea8faf571169ebcfce3dfd668eaefeb9a91d25a96e6b3881e4a3e8"
 logic_hash = "v1_sha256_586ae19e570c51805afd3727b2e570cdb1c48344aa699e54774a708f02bc3a6f"
 score = 75
@@ -107319,8 +107319,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_75C8Cb4E : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Bundlore.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Bundlore.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3d69912e19758958e1ebdef5e12c70c705d7911c3b9df03348c5d02dd06ebe4e"
 logic_hash = "v1_sha256_527fecb8460c0325c009beddd6992e0abbf8c5a05843e4cedf3b17deb4b19a1c"
 score = 75
@@ -107348,8 +107348,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_17B564B4 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Bundlore.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Bundlore.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "94f6e5ee6eb3a191faaf332ea948301bbb919f4ec6725b258e4f8e07b6a7881d"
 logic_hash = "v1_sha256_40cd2a793c8ed51a8191ecb9b358f50dc2035d997d0f773f6049f9c272291607"
 score = 75
@@ -107377,8 +107377,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_C90C088A : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Bundlore.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Bundlore.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "875513f4ebeb63b9e4d82fb5bff2b2dc75b69c0bfa5dd8d2895f22eaa783f372"
 logic_hash = "v1_sha256_c82c5c8d1e38e0d2631c5611e384eb49b58c64daeafe0cc642682e5c64686b60"
 score = 75
@@ -107406,8 +107406,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_3965578D : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Bundlore.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Bundlore.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d72543505e36db40e0ccbf14f4ce3853b1022a8aeadd96d173d84e068b4f68fa"
 logic_hash = "v1_sha256_6bd24640e0a3aa152fcd90b6975ee4fb7e99ab5f2d48d3a861bc804c526c90b6"
 score = 75
@@ -107435,8 +107435,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_00D9D0E9 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Bundlore.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Bundlore.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "73069b34e513ff1b742b03fed427dc947c22681f30cf46288a08ca545fc7d7dd"
 logic_hash = "v1_sha256_535831872408caa27984190d1b1b1a5954e502265925d50457e934219598dbfd"
 score = 75
@@ -107464,8 +107464,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_650B8Ff4 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Bundlore.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Bundlore.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "78fd2c4afd7e810d93d91811888172c4788a0a2af0b88008573ce8b6b819ae5a"
 logic_hash = "v1_sha256_e8a706db010e9c3d9714d5e7a376e9b2189af382a7b01db9a9e7ee947e9637bb"
 score = 75
@@ -107493,8 +107493,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_C8Ad7Edd : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Bundlore.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Bundlore.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d4915473e1096a82afdaee405189a0d0ae961bd11a9e5e9adc420dd64cb48c24"
 logic_hash = "v1_sha256_be09b4bd612bb499044fe91ca4e1ab62405cf1e4d75b8e1da90e326d1c66e04f"
 score = 75
@@ -107522,8 +107522,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_Cb7344Eb : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Bundlore.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Bundlore.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "53373668d8c5dc17f58768bf59fb5ab6d261a62d0950037f0605f289102e3e56"
 logic_hash = "v1_sha256_6b5e868dfd14e9b1cdf3caeb1216764361b28c1dd38849526baf5dbdb1020d8d"
 score = 75
@@ -107551,8 +107551,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_753E5738 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Bundlore.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Bundlore.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "42aeea232b28724d1fa6e30b1aeb8f8b8c22e1bc8afd1bbb4f90e445e31bdfe9"
 logic_hash = "v1_sha256_7a6907b51c793e4182c1606eab6f2bcb71f0350a34aef93fa3f3a9f1a49961ba"
 score = 75
@@ -107580,8 +107580,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_7B9F0C28 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Bundlore.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Bundlore.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "fc4da125fed359d3e1740dafaa06f4db1ffc91dbf22fd5e7993acf8597c4c283"
 logic_hash = "v1_sha256_32abbb76c866e3a555ee6a9c39f62a0712f641959b66068abfb4379baa9a9da9"
 score = 75
@@ -107609,8 +107609,8 @@ rule ELASTIC_Windows_Hacktool_Sharprdp_80895Fcb : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpRDP.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpRDP.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6e909861781a8812ee01bc59435fd73fd34da23fa9ad6d699eefbf9f84629876"
 logic_hash = "v1_sha256_ef9a92f2ed29f508dca591e9c65a6ce0013ccdfd0c62770e8840be2f3ee5982e"
 score = 75
@@ -107642,8 +107642,8 @@ rule ELASTIC_Windows_Trojan_Diceloader_B32C6B99 : FILE MEMORY
 date = "2021-04-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Diceloader.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Diceloader.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a3b3f56a61c6dc8ba2aa25bdd9bd7dc2c5a4602c2670431c5cbc59a76e2b4c54"
 logic_hash = "v1_sha256_f9e023f340edc4c46b2926e750c2ad3a3798e34415e43c0ea2d83073e3dc526a"
 score = 75
@@ -107677,8 +107677,8 @@ rule ELASTIC_Windows_Trojan_Diceloader_15Eeb7B9 : FILE MEMORY
 date = "2021-04-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Diceloader.yar#L27-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Diceloader.yar#L27-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746"
 logic_hash = "v1_sha256_f1ab9ad69f9ea75343c7404b82a3f7a4976a442b980a98fe5b95c55d4f9cb34e"
 score = 75
@@ -107707,8 +107707,8 @@ rule ELASTIC_Windows_Trojan_Gozi_Fd494041 : FILE MEMORY
 date = "2021-03-22"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Gozi.yar#L1-L32"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Gozi.yar#L1-L32"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237"
 logic_hash = "v1_sha256_fdd18817e7377f1b4006d3bf135d924b8ead62a461ea56f57157b2856ba6846b"
 score = 75
@@ -107749,8 +107749,8 @@ rule ELASTIC_Windows_Trojan_Gozi_261F5Ac5 : FILE MEMORY
 date = "2019-08-02"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Gozi.yar#L34-L60"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Gozi.yar#L34-L60"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f"
 logic_hash = "v1_sha256_23a7427e162e2f77ee0a281fe4bc54eab29a3bdca8e51015147e8eb223e7e2f7"
 score = 75
@@ -107786,8 +107786,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_C851687A : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L1-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L1-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_7fac6fb24ac18bd69dd9f8f4090c4a77d1cc6554b6ae5c846e32d7666e5a1971"
 score = 75
 quality = 25
@@ -107833,8 +107833,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_0B58325E : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L39-L77"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L39-L77"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_3822431e946fcc38c700cc8ce213e95f33a155d7f38b6ab2a24cb998d42c8521"
 score = 75
 quality = 73
@@ -107882,8 +107882,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_2B8Cddf8 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L79-L114"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L79-L114"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_5502c06d33b93bae3bc25ba7dd6a5a9a3b0b2b43bb7e867e601ecb206bf503ed"
 score = 75
 quality = 43
@@ -107928,8 +107928,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_59B44767 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L116-L142"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L116-L142"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_7027d0dcbdb1961d2604f29392a923957d298a047c268553599ea8c881f76a98"
 score = 75
 quality = 69
@@ -107965,8 +107965,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7Efd3C3F : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L144-L168"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L144-L168"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_45a0aaba6c1be016fc5f4051680ee7e3aa62e8a5d9730b7adab08c14ae37da24"
 score = 75
 quality = 75
@@ -108000,8 +108000,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_6E971281 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L170-L201"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L170-L201"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_f204965c0118dbdfe7e134d319c92b30d22585e888609ff31df90643116a2c38"
 score = 75
 quality = 51
@@ -108042,8 +108042,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_09B79Efa : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L203-L232"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L203-L232"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_75fd003b9adf03aff8479b1b10da9c94955870b5fa4f1958f870e14acb2793c7"
 score = 75
 quality = 48
@@ -108082,8 +108082,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_6E77233E : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L234-L269"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L234-L269"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_93aa11523b794402b257d02d4f9edc5ad320bfdb5b8b0f671ff08f399ef9e674"
 score = 75
 quality = 63
@@ -108128,8 +108128,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_De42495A : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L271-L301"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L271-L301"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_2a13c73d221d80d25a432f9e0a1387153a78f58719066586e9d80d17613293ef"
 score = 75
 quality = 75
@@ -108169,8 +108169,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_72F68375 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L303-L328"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L303-L328"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_912e37829a9f99e00326745343c9e4593cd7cfb8d4dfafc66027cddcb4d883be"
 score = 75
 quality = 63
@@ -108205,8 +108205,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_15F680Fb : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L330-L360"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L330-L360"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_0efe368ad82f5b0f6301121bfda9fd049b008ac246368bfa22bd976fa2c56b79"
 score = 75
 quality = 75
@@ -108246,8 +108246,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_5B4383Ec : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L362-L392"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L362-L392"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_033bd831209958674f6309739d65c58d05acb9d17e53cede1cf171c6d6e84efa"
 score = 75
 quality = 75
@@ -108287,8 +108287,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_91E08059 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L394-L421"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L394-L421"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_d5a8c1a0baa5e915cff29bcac33e30a7d7260f938ecaa6171d3aa88425a69266"
 score = 75
 quality = 75
@@ -108325,8 +108325,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_Ee756Db7 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L423-L491"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L423-L491"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_8d594aa1b889e80000cfcedbfc470a1b768bdcc2a9c436cd449b495c91011918"
 score = 75
 quality = 50
@@ -108404,8 +108404,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_9C0D5561 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L493-L523"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L493-L523"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_a8929266950e0f540a68c4fedf708e8ddc27f208f9f2866245ad7bb7f6d87913"
 score = 75
 quality = 75
@@ -108445,8 +108445,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_59Ed9124 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L525-L560"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L525-L560"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_a50fd291f5f1bf7ec41b1938a32473a23c3c082018b86eab87aff0d95b26ba06"
 score = 75
 quality = 43
@@ -108491,8 +108491,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8A791Eb7 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L562-L597"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L562-L597"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_d1765e6cac9b1560d6484baa1fa5a1bc0b768a72b389c7c6a60e34115669933e"
 score = 75
 quality = 43
@@ -108537,8 +108537,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_D00573A3 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L599-L625"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L599-L625"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_e458d41d28b76c989af6385f183f33aa9e11b93e529f032e95bd75433b80bd69"
 score = 75
 quality = 75
@@ -108574,8 +108574,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7Bcd759C : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L627-L648"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L627-L648"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_bfbb8e8009182e87c49242ec3da6e98b23447b646f5c7ea5f97196ae929d7c5f"
 score = 75
 quality = 75
@@ -108606,8 +108606,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_A56B820F : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L650-L685"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L650-L685"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_52de8110727c29b0f5c75cd470ce6b80ba7821d0ba78ad074536323e2e80b460"
 score = 75
 quality = 43
@@ -108652,8 +108652,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_92F05172 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L687-L716"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L687-L716"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_7f0ff4ee14a043d72810826ab9d2b90b0f66724550ba9d3cdd2abe749f4874d0"
 score = 75
 quality = 63
@@ -108692,8 +108692,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_417239B5 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L718-L764"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L718-L764"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_fda252747359e677459d82d65c4c9c8f2ff80bc8fd6a38712f858039f3cb8dd1"
 score = 75
 quality = 51
@@ -108749,8 +108749,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_29374056 : FILE MEMORY
 date = "2021-03-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L766-L785"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L766-L785"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_09755b23a7057c70f3ea242ec48549de65ebc6f13bdc38cbe22d6d758c3718cf"
 score = 75
 quality = 75
@@ -108779,8 +108779,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_949F10E3 : FILE MEMORY
 date = "2021-03-25"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L787-L806"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L787-L806"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_e4b726c83013f4b9c9d61683f78a4a91935225e9ed3de0ce164b96b5a6719579"
 score = 75
 quality = 75
@@ -108809,8 +108809,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8751Cdf9 : FILE MEMORY
 date = "2021-03-25"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L808-L827"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L808-L827"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_64fae95fd89ad46a50a00c943cf98a997a0842a83be64b3728b25151867b75a8"
 score = 75
 quality = 75
@@ -108839,8 +108839,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_663Fc95D : FILE MEMORY
 date = "2021-04-01"
 modified = "2021-12-17"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L829-L847"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L829-L847"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_842a0a372cfb2316293f4a08e1690194fa98368a9f6ffe9c63222b2c4ab6532c"
 score = 75
 quality = 75
@@ -108868,8 +108868,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_B54B94Ac : FILE MEMORY
 date = "2021-10-21"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L849-L872"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L849-L872"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
 logic_hash = "v1_sha256_6f63e4c31e55da2008f95e9d05391e40d44e2757c511e666032563ab798e274c"
 score = 75
@@ -108902,8 +108902,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_F0B627Fc : FILE MEMORY
 date = "2021-10-21"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L874-L897"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L874-L897"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b"
 logic_hash = "v1_sha256_1087294af3a9ef59c00098f5fd7adfe0b335525e135d95e45ac30e44c6739a72"
 score = 75
@@ -108936,8 +108936,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_Dcdcdd8C : FILE MEMORY
 date = "2021-10-21"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L899-L923"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L899-L923"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
 logic_hash = "v1_sha256_f3ae07282b763d3720e45a84878cc457f65041f381951cdc9affd5e3ce67e6cc"
 score = 75
@@ -108971,8 +108971,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_A3Fb2616 : FILE MEMORY
 date = "2021-10-21"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L925-L947"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L925-L947"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
 logic_hash = "v1_sha256_a3c36326ccc2bc828f6654ccaba507a283f92146fdc52f71d7d934f6908793e2"
 score = 75
@@ -109004,8 +109004,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8Ee55Ee5 : FILE MEMORY
 date = "2021-10-21"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L949-L969"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L949-L969"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
 logic_hash = "v1_sha256_d0cc321e15660311ae0b8e3261abe716a50a2455f82635c1b02d0a5444c8a89a"
 score = 75
@@ -109035,8 +109035,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8D5963A2 : FILE MEMORY
 date = "2022-08-10"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L971-L989"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L971-L989"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9fe43996a5c4e99aff6e2a1be743fedec35e96d1e6670579beb4f7e7ad591af9"
 logic_hash = "v1_sha256_f4f8fba807256bd885ccf4946eec8c2fb76eb04f86ed76d015178fe512a3c091"
 score = 75
@@ -109064,8 +109064,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_1787Eef5 : FILE MEMORY
 date = "2022-08-29"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L991-L1014"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L991-L1014"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
 logic_hash = "v1_sha256_0b70c61e986dee3126fec6eea127e01fce4b647aff8e2d2d5072eb8328549225"
 score = 75
@@ -109098,8 +109098,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_4106070A : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L1016-L1035"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L1016-L1035"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "98789a11c06c1dfff7e02f66146afca597233c17e0d4900d6a683a150f16b3a4"
 logic_hash = "v1_sha256_90f0209a55ca381ca58264664e04c007c799cf558f143d0c02983d4caf47bfb8"
 score = 75
@@ -109128,8 +109128,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_3Dc22D14 : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L1037-L1056"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L1037-L1056"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "7898194ae0244611117ec948eb0b0a5acbc15cd1419b1ecc553404e63bc519f9"
 logic_hash = "v1_sha256_2f52cd5f3b782c28e372c3daa9b7ddc4d2b9f68832f5250983412c2e7a755e73"
 score = 75
@@ -109158,8 +109158,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7F8Da98A : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_CobaltStrike.yar#L1058-L1076"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_CobaltStrike.yar#L1058-L1076"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e3bc2bec4a55ad6cfdf49e5dbd4657fc704af1758ca1d6e31b83dcfb8bf0f89d"
 logic_hash = "v1_sha256_6c8698d65cbbf893f79ca1de5273535891418c87c234a2542f5f8079e56d9507"
 score = 75
@@ -109187,8 +109187,8 @@ rule ELASTIC_Windows_Exploit_Perfusion_5Ab5Ddee : FILE MEMORY
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Exploit_Perfusion.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Exploit_Perfusion.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "7fdef25acb0d1447203b9768ae58a8e21db24816c602b160d105dab86ae34728"
 logic_hash = "v1_sha256_490f3fc89cf78dbe82f1feb012a147a8d187612720efb6e1eb4e97720b26ee59"
 score = 75
@@ -109219,8 +109219,8 @@ rule ELASTIC_Linux_Exploit_Courier_190258Dd : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Courier.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Courier.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "349866d0fb81d07a35b53eac6f11176721629bbd692526851e483eaa83d690c3"
 logic_hash = "v1_sha256_c318d78a11a021334c84a21db2be6d7df57440a1f3ad6feaaff9cc95ebf6f716"
 score = 75
@@ -109248,8 +109248,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_253C44De : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Kaiji.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Kaiji.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "e31eb8880bb084b4c642eba127e64ce99435ea8299a98c183a63a2e6a139d926"
 logic_hash = "v1_sha256_81a07f60765f50c58b2c0f0153367ee570f36c579e9f88fb2f0e49ae5c08773f"
 score = 75
@@ -109277,8 +109277,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_535F07Ac : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Kaiji.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Kaiji.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "28b2993d7c8c1d8dfce9cd2206b4a3971d0705fd797b9fde05211686297f6bb0"
 logic_hash = "v1_sha256_539977c1076b71873135cfe02153da87c0e9ac17122f04570977a22c92d2694f"
 score = 75
@@ -109306,8 +109306,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_Dcf6565E : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Kaiji.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Kaiji.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "49f3086105bdc160248e66334db00ce37cdc9167a98faac98800b2c97515b6e7"
 logic_hash = "v1_sha256_2bc943e100548e9aacd97930b3230353be760c8a292dbbbd1d0b5646f647c4fe"
 score = 75
@@ -109335,8 +109335,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_91091Be3 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Kaiji.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Kaiji.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "dca574d13fcbd7d244d434fcbca68136e0097fefc5f131bec36e329448f9a202"
 logic_hash = "v1_sha256_3b55cb3be5775311af4dc90f9624448d30cc58ef1a42729f6ca4eb3b36ad8b06"
 score = 75
@@ -109364,8 +109364,8 @@ rule ELASTIC_Windows_Trojan_Svcready_Af498D39 : FILE MEMORY
 date = "2022-06-12"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_SVCReady.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_SVCReady.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "08e427c92010a8a282c894cf5a77a874e09c08e283a66f1905c131871cc4d273"
 logic_hash = "v1_sha256_e3520103064cf82cd1747f8889667929d23466c9febfda7e4968a3679db97d71"
 score = 75
@@ -109397,8 +109397,8 @@ rule ELASTIC_Windows_Exploit_Dcom_7A1Bcec7 : FILE
 date = "2021-01-12"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Exploit_Dcom.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Exploit_Dcom.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "84073caf71d0e0523adeb96169c85b8f0bfea09e7ef3bf677bfc19d3b536d8a5"
 logic_hash = "v1_sha256_484576ab5369f99dc7086d724ead12d464f2bedaf84c93b74e137ddd98600b06"
 score = 75
@@ -109426,8 +109426,8 @@ rule ELASTIC_Linux_Rootkit_Diamorphine_716C7Ffa : FILE MEMORY
 date = "2024-11-13"
 modified = "2024-11-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Diamorphine.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Diamorphine.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "01fb490fbe2c2b5368cc227abd97e011e83b5e99bb80945ef599fc80e85f8545"
 logic_hash = "v1_sha256_29ae87a563085ff0e4821a994ede16fa3f6fec693418c2e92ac90b839fcfa7cf"
 score = 75
@@ -109459,8 +109459,8 @@ rule ELASTIC_Linux_Rootkit_Diamorphine_66Eb93C7 : FILE MEMORY
 date = "2024-11-13"
 modified = "2024-11-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Diamorphine.yar#L25-L54"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Diamorphine.yar#L25-L54"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "01fb490fbe2c2b5368cc227abd97e011e83b5e99bb80945ef599fc80e85f8545"
 logic_hash = "v1_sha256_26063aacb585825f5d6b56d0d671e94efb273605175f4164d271c8edfdbc150a"
 score = 75
@@ -109499,8 +109499,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_A5420148 : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Phobos.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Phobos.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_9fcfe41102bee4f8ecf19f30d0bbb2de50e1a1aff4e17c587b5d9adb417527c5"
 score = 75
 quality = 75
@@ -109530,8 +109530,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_Ff55774D : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Phobos.yar#L24-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Phobos.yar#L24-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_9ee41b9638a8cc1d9f9b254878c935c531b2f599be59550b3617b1de8cba2ba5"
 score = 75
 quality = 75
@@ -109559,8 +109559,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_11Ea7Be5 : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Phobos.yar#L45-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Phobos.yar#L45-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 logic_hash = "v1_sha256_1f86695f316200c92d0d02f5f3ba9f68854978f98db5d4291a81c06c9f0b8d28"
 score = 75
 quality = 75
@@ -109588,8 +109588,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_06B2Dff5 : FILE MEMORY CVE_2012_0056
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "168b3fb1c675ab76224c641e228434495160502a738b64172c679e8ce791ac17"
 logic_hash = "v1_sha256_4361e6e74d6678d9e0823b23a7a2e4ae84119142cad319950154f806115845d5"
 score = 75
@@ -109617,8 +109617,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_B39839F4 : FILE MEMORY CVE_2012_0056
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "cf569647759e011ff31d8626cea65ed506e8d0ef1d26f3bbb7c02a4060ce58dc"
 logic_hash = "v1_sha256_553111c64d8abfc3688a88dd95088de0ea7e92f68592e9a778f8041b40071e84"
 score = 75
@@ -109646,8 +109646,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_A1E53450 : FILE MEMORY CVE_2012_0056
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "15a4d149e935758199f6df946ff889e12097f5fec4ef450e9cbd554d1efbd5e6"
 logic_hash = "v1_sha256_f2ab5de83c36a9a834e41c8f6fdccd0dffdeb384adf7b1e1098e86a2ac52df18"
 score = 75
@@ -109675,8 +109675,8 @@ rule ELASTIC_Windows_Hacktool_Sharpapplocker_9645Cf22 : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_SharpAppLocker.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_SharpAppLocker.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "0f7390905abc132889f7b9a6d5b42701173aafbff5b8f8882397af35d8c10965"
 logic_hash = "v1_sha256_cb72ecf7715b288acddac51dab091d84c64e3bd30276cba38a0d773e6693875c"
 score = 75
@@ -109707,8 +109707,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3156_F3Fb10Cd : FILE CVE_2021_3156
 date = "2021-09-15"
 modified = "2021-09-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "65fb8baa5ec3bfb4473e4b2f565b461dd59989d43c72b1c5ec2e1a68baa8b51a"
 logic_hash = "v1_sha256_cc80e0b2355877cd9ceecae19d4dcebb641d90a24c0751bf706134b31bf26750"
 score = 75
@@ -109737,8 +109737,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3156_7F5672D0 : FILE CVE_2021_3156
 date = "2021-09-15"
 modified = "2021-09-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L22-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L22-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1a4517d2582ac97b88ae568c23e75beba93daf8518bd3971985d6a798049fd61"
 logic_hash = "v1_sha256_e25907f11a2f292441a96e19834ad89636593a3f8998ec0010e43830f5aa0c64"
 score = 75
@@ -109771,8 +109771,8 @@ rule ELASTIC_Windows_Vulndriver_Procid_86605Fa9 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_ProcId.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_ProcId.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b03f26009de2e8eabfcf6152f49b02a55c5e5d0f73e01d48f5a745f93ce93a29"
 logic_hash = "v1_sha256_882cdbd267d812e77e68e7080f1fca0ca3d7e75ab84c583c3ec148894b1cf644"
 score = 75
@@ -109800,8 +109800,8 @@ rule ELASTIC_Linux_Trojan_Pumakit_B86138C3 : FILE MEMORY
 date = "2024-12-09"
 modified = "2024-12-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Pumakit.yar#L1-L30"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Pumakit.yar#L1-L30"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "30b26707d5fb407ef39ebee37ded7edeea2890fb5ec1ebfa09a3b3edfc80db1f"
 logic_hash = "v1_sha256_fc486aafee5cd4156ef7027ed6bf596c62397601787833d9173c198d5d919cde"
 score = 75
@@ -109840,8 +109840,8 @@ rule ELASTIC_Windows_Vulndriver_Winflash_881758Da : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_WinFlash.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_WinFlash.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8596ea3952d84eeef8f5dc5b0b83014feb101ec295b2d80910f21508a95aa026" logic_hash = "v1_sha256_a46ac1f19ba5d9543c88434575870b61fbb935cd4c4e28cb80a077502af7d2db" score = 75 @@ -109869,8 +109869,8 @@ rule ELASTIC_Linux_Ransomware_Sodinokibi_2883D7Cd : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Sodinokibi.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Sodinokibi.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a322b230a3451fd11dcfe72af4da1df07183d6aaf1ab9e062f0e6b14cf6d23cd" logic_hash = "v1_sha256_97d6b1b641c4b5b596b67a809e8e70bb0bccb9219282cd6c41bc905e2ea44c84" score = 75 
@@ -109898,8 +109898,8 @@ rule ELASTIC_Linux_Rootkit_Dakkatoni_010D3Ac2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Dakkatoni.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Dakkatoni.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "38b2d033eb5ce87faa4faa7fcac943d9373e432e0d45e741a0c01d714ee9d4d3" logic_hash = "v1_sha256_51119321f29aed695e09da22d3234eae96db93e8029d4525d018e56c7131f7b8" score = 75 @@ -109927,8 +109927,8 @@ rule ELASTIC_Windows_Trojan_Ghostengine_8Ea2Aa65 : FILE MEMORY date = "2024-05-07" modified = "2024-05-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_GhostEngine.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_GhostEngine.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2fe78941d74d35f721556697491a438bf3573094d7ac091b42e4f59ecbd25753" logic_hash = "v1_sha256_3bddd2ac79d92d34df5d2df4a11cf96cc44ca39c3baece1b5c67b75a682778ff" score = 75 
@@ -109963,8 +109963,8 @@ rule ELASTIC_Macos_Trojan_Eggshell_Ddacf7B9 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Trojan_Eggshell.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Trojan_Eggshell.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6d93a714dd008746569c0fbd00fadccbd5f15eef06b200a4e831df0dc8f3d05b" logic_hash = "v1_sha256_f986f7d1e3a68e27f82048017c6d6381a0354ffad2cd10f3eee69bbbfa940abd" score = 75 @@ -109996,8 +109996,8 @@ rule ELASTIC_Windows_Trojan_Azorult_38Fce9Ea : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Azorult.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Azorult.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491" logic_hash = "v1_sha256_e23b21992b7ff577d4521c733929638522f4bf57b54c72e5e46196d028d6be26" score = 75 
@@ -110029,8 +110029,8 @@ rule ELASTIC_Windows_Exploit_Fakepipe_6Bc93551 : FILE MEMORY date = "2024-02-28" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Exploit_FakePipe.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Exploit_FakePipe.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "545a41ccfcd0a4f09c1c62bef2dde61b52fa92abada71ab72b3f4febb9265f75" logic_hash = "v1_sha256_daf78c4a2db337f51054e108b5b54c8aa32300eae3bd39c5fc2d4769221c8aea" score = 75 @@ -110061,8 +110061,8 @@ rule ELASTIC_Windows_Vulndriver_Fileseclab_4A21229A : FILE date = "2024-03-05" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Fileseclab.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Fileseclab.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ae55a0e93e5ef3948adecf20fa55b0f555dcf40589917a5bfbaa732075f0cc12" logic_hash = "v1_sha256_bac78186f3d46c6765bacaf6a324ff94e449261cefe2594cb38c4cc25db1f0de" score = 75 
@@ -110095,8 +110095,8 @@ rule ELASTIC_Linux_Rootkit_Bedevil_2Af79Cea : FILE MEMORY date = "2024-11-14" modified = "2024-11-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Rootkit_Bedevil.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Rootkit_Bedevil.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8f8c598350632b32e72cd6af3a0ca93c05b4d9100fd03e2ae1aec97a946eb347" logic_hash = "v1_sha256_3acded46df45f88cf2cdd0eab424810d3dab51cac90845574a1361301e72be23" score = 75 @@ -110134,8 +110134,8 @@ rule ELASTIC_Macos_Backdoor_Fakeflashlxk_06Fd8071 : FILE MEMORY date = "2021-11-11" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/MacOS_Backdoor_Fakeflashlxk.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/MacOS_Backdoor_Fakeflashlxk.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "107f844f19e638866d8249e6f735daf650168a48a322d39e39d5e36cfc1c8659" logic_hash = "v1_sha256_853d44465a472786bb48bbe1009e0ff925f79e4fd72f0eac537dd271c1ec3703" score = 75 
@@ -110165,8 +110165,8 @@ rule ELASTIC_Windows_Ransomware_Cicada3301_99Fee259 : FILE MEMORY date = "2024-09-05" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Cicada3301.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Cicada3301.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "7b3022437b637c44f42741a92c7f7ed251845fd02dda642c0a47fde179bd984e" logic_hash = "v1_sha256_18996d70192b0e997eba70c22ed70a2611a7e038a8825308f4d3d002b681939b" score = 75 @@ -110198,8 +110198,8 @@ rule ELASTIC_Windows_Ransomware_Blackbasta_494D3C54 : FILE MEMORY date = "2022-08-06" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_BlackBasta.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_BlackBasta.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "357fe8c56e246ffacd54d12f4deb9f1adb25cb772b5cd2436246da3f2d01c222" logic_hash = "v1_sha256_1ecb3c95a2d3f91d267f0b625fffc8477612fde9de3942eff8eb13115c0af6b8" score = 75 
@@ -110235,8 +110235,8 @@ rule ELASTIC_Linux_Cryptominer_Pgminer_Ccf88A37 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Pgminer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Pgminer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3afc8d2d85aca61108d21f82355ad813eba7a189e81dde263d318988c5ea50bd" logic_hash = "v1_sha256_77833cdb319bc8e22db2503478677d5992774105f659fe7520177a691c83aa91" score = 75 @@ -110264,8 +110264,8 @@ rule ELASTIC_Linux_Cryptominer_Pgminer_5Fb2Efd5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Pgminer.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Pgminer.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6d296648fdbc693e604f6375eaf7e28b87a73b8405dc8cd3147663b5e8b96ff0" logic_hash = "v1_sha256_4c247f40c9781332f04f82a244f6e8e22c9c744963f736937eddecf769b40a54" score = 75 
@@ -110293,8 +110293,8 @@ rule ELASTIC_Windows_Trojan_Parallax_D72Ec0E2 : FILE MEMORY date = "2022-09-05" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Parallax.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Parallax.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_6c2c84624912f3b612ae435cf3e8000192a1b168b30205ed4a93b7fab7e336ad" score = 75 quality = 75 @@ -110324,8 +110324,8 @@ rule ELASTIC_Windows_Trojan_Parallax_B4Ea4F1A : FILE MEMORY date = "2022-09-08" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Parallax.yar#L24-L55" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Parallax.yar#L24-L55" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_731fe7bd339ec6b0372b4809004a21f53537bd82f084960b8d018f994dcdc06a" score = 75 quality = 42 
@@ -110365,8 +110365,8 @@ rule ELASTIC_Linux_Ransomware_Hellokitty_35731270 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Ransomware_Hellokitty.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Ransomware_Hellokitty.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "556e5cb5e4e77678110961c8d9260a726a363e00bf8d278e5302cb4bfccc3eed" logic_hash = "v1_sha256_40cb632d6b8561de56f2010a082a24b0c50d4cabed21e073168b5302ddff7044" score = 75 @@ -110396,8 +110396,8 @@ rule ELASTIC_Windows_Packer_Scrubcrypt_6A75A4Bb : FILE MEMORY date = "2023-04-18" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Packer_ScrubCrypt.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Packer_ScrubCrypt.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "05c1eea2ff8c31aa5baf1dfd8015988f7e737753275ed1c8c29013a3a7414b50" logic_hash = "v1_sha256_edcaa6f1cc85ef084ae5bf2524f39869a90b008dce85e72bca4835565f067ca7" score = 75 
@@ -110426,8 +110426,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_7Efaef9F : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Clipbanker.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Clipbanker.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "02b06acb113c31f5a2ac9c99f9614e0fab0f78afc5ae872e46bae139c2c9b1f6" logic_hash = "v1_sha256_fa547d7c1623b332ef306672dd2293b44016d9974c1a3ec4b15e5ae0483ff879" score = 75 @@ -110459,8 +110459,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_B60A50B8 : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Clipbanker.yar#L25-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Clipbanker.yar#L25-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "02b06acb113c31f5a2ac9c99f9614e0fab0f78afc5ae872e46bae139c2c9b1f6" logic_hash = "v1_sha256_fe585ab7efbc3b500ea23d1c164bc79ded658001e53fc71721e435ed7579182a" score = 75 
@@ -110488,8 +110488,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_F9F9E79D : FILE MEMORY date = "2022-04-23" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Clipbanker.yar#L45-L63" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Clipbanker.yar#L45-L63" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c" logic_hash = "v1_sha256_a71d75719133e8b84956ec002cb31f82386ef711fa2af79d204d176492cd354b" score = 75 @@ -110517,8 +110517,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_787B130B : FILE MEMORY date = "2022-04-24" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Clipbanker.yar#L65-L87" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Clipbanker.yar#L65-L87" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c" logic_hash = "v1_sha256_88783bde7014853f6556c6e7ee2dfd5cd5fcbfb4523ed158b4287e2bfba409f1" score = 75 
@@ -110550,8 +110550,8 @@ rule ELASTIC_Windows_Trojan_Revengerat_Db91Bcc6 : FILE MEMORY date = "2021-09-02" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Revengerat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Revengerat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "30d8f81a19976d67b495eb1324372598cc25e1e69179c11efa22025341e455bd" logic_hash = "v1_sha256_1e33cb1d614aae0b2181ebaca694c69e7fc849b3a3b7ffff7059e8c43553f8cc" score = 75 @@ -110582,8 +110582,8 @@ rule ELASTIC_Linux_Cryptominer_Flystudio_579A3A4D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Flystudio.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Flystudio.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "84afc47554cf42e76ef8d28f2d29c28f3d35c2876cec2fb1581b0ac7cfe719dd" logic_hash = "v1_sha256_6579630a4fb6cf5bc8ccb2e4f93f5d549baa6ea9b742b2ee83a52f07352c4741" score = 75 
@@ -110611,8 +110611,8 @@ rule ELASTIC_Linux_Cryptominer_Flystudio_0A370634 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Flystudio.yar#L21-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Flystudio.yar#L21-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_cf924ba45a7dba19fe571bb9da8c4896690c3ad02f732b759a10174b9f61883f" score = 75 quality = 75 @@ -110639,8 +110639,8 @@ rule ELASTIC_Linux_Hacktool_Exploitscan_4327F817 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Exploitscan.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Exploitscan.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "66c6d0e58916d863a1a973b4f5cb7d691fbd01d26b408dbc8c74f0f1e4088dfb" logic_hash = "v1_sha256_7797d9bd75dff355e1ee84b856e77cf9e886dfe727fb8ce7a6fdbe5ed1eb0985" score = 75 
@@ -110668,8 +110668,8 @@ rule ELASTIC_Linux_Backdoor_Tinyshell_67Ee6Fae : FILE MEMORY date = "2021-10-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Backdoor_Tinyshell.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Backdoor_Tinyshell.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9d2e25ec0208a55fba97ac70b23d3d3753e9b906b4546d1b14d8c92f8d8eb03d" logic_hash = "v1_sha256_200d4267e21b8934deecc48273294f2e34464fcb412e39f3f5a006278631b9f1" score = 75 @@ -110700,8 +110700,8 @@ rule ELASTIC_Linux_Exploit_CVE_2022_0847_E831C285 : FILE MEMORY CVE_2022_0847 date = "2022-03-10" modified = "2022-03-14" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_CVE_2022_0847.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_CVE_2022_0847.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c6b2cef2f2bc04e3ae33e0d368eb39eb5ea38d1bca390df47f7096117c1aecca" logic_hash = "v1_sha256_e15daf5de9bf66060e373a6e772669eade543ed56bef6b6924a0ee44e59522e1" score = 75 
@@ -110737,8 +110737,8 @@ rule ELASTIC_Windows_Vulndriver_Atillk_18316Dd9 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Atillk.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Atillk.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173" logic_hash = "v1_sha256_02d218d0a0ea447e4ad0b03bff50c307ca5f36b8ed268787cd73c88a05aa4214" score = 75 @@ -110768,8 +110768,8 @@ rule ELASTIC_Linux_Trojan_Patpooty_E2E0Dff1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Patpooty.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Patpooty.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d38b9e76cbc863f69b29fc47262ceafd26ac476b0ae6283d3fa50985f93bedf3" logic_hash = "v1_sha256_ec7d12296383ca0ed20e3221fb96b9dbdaf6cc7f07f5c8383e43489a9fd6fcfe" score = 75 
@@ -110797,8 +110797,8 @@ rule ELASTIC_Linux_Trojan_Patpooty_F90C7E43 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Patpooty.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Patpooty.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "79475a66be8741d9884bc60f593c81a44bdb212592cd1a7b6130166a724cb3d3" logic_hash = "v1_sha256_2d995722b06ce51a5378e395896764421f84afcf6b13855a87ed43d9b9e38982" score = 75 @@ -110826,8 +110826,8 @@ rule ELASTIC_Multi_Ransomware_Ransomhub_4A8A07Cd : FILE MEMORY date = "2024-09-05" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Multi_Ransomware_RansomHub.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Multi_Ransomware_RansomHub.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bfbbba7d18be1aa2e85390fa69a761302756ee9348b7343af6f42f3b5d0a939c" logic_hash = "v1_sha256_8e2d062e890cf66418c18ce8988c0ac4744c9f00fdc296e8dd91df39ec240abe" score = 75 
@@ -110862,8 +110862,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_1916686D : FILE MEMORY date = "2022-06-23" modified = "2022-12-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BruteRatel.yar#L1-L31" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BruteRatel.yar#L1-L31" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_e0e7b8ba2865fc76845b21aa3e075ceab98888635a60bd722c0c81e0f4fcf58c" score = 75 quality = 75 @@ -110903,8 +110903,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_9B267F96 : FILE MEMORY date = "2022-06-23" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BruteRatel.yar#L33-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BruteRatel.yar#L33-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_fbaaf4bf2462119b39a5df90b91fb831be3e602b926cd893374a5dddf48f029d" score = 75 quality = 75 
@@ -110938,8 +110938,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_684A39F2 : FILE MEMORY date = "2023-01-24" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BruteRatel.yar#L59-L84" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BruteRatel.yar#L59-L84" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5f4782a34368bb661f413f33e2d1fb9f237b7f9637f2c0c21dc752316b02350c" logic_hash = "v1_sha256_7cb74176e1dbdd248295649568d29c9d88841fcd0c16479b6b7efc71c4a1d706" score = 75 @@ -110974,8 +110974,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_Ade6C9D5 : FILE MEMORY date = "2023-01-24" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BruteRatel.yar#L86-L109" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BruteRatel.yar#L86-L109" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dc9757c9aa3aff76d86f9f23a3d20a817e48ca3d7294307cc67477177af5c0d4" logic_hash = "v1_sha256_8ff8ed1e2b909606fe6aae3f43ad02898d7b3906c3d329a508f6d40490ec75a0" score = 60 
@@ -111008,8 +111008,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_4110D879 : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BruteRatel.yar#L111-L130" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BruteRatel.yar#L111-L130" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e0fbbc548fdb9da83a72ddc1040463e37ab6b8b544bf0d2b206bfff352175afe" logic_hash = "v1_sha256_22c27523ddd8183c41da40f7ff908ae5bdee3b482c8a3f70aaa63a4c419e515b" score = 75 @@ -111038,8 +111038,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_5B12Cbab : FILE MEMORY date = "2024-02-21" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BruteRatel.yar#L132-L150" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BruteRatel.yar#L132-L150" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8165798fec8294523f25aedfc6699faad0c5d75f60bc7cefcbb2fa13dbc656e3" logic_hash = "v1_sha256_b86296dafaef1dfa0a41704cafa351694abb0e453e104dfe06836ed599338f38" score = 75 
@@ -111067,8 +111067,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_5E383Ae0 : FILE MEMORY date = "2024-03-27" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BruteRatel.yar#L152-L184" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BruteRatel.yar#L152-L184" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "0b506ef32f58ee2b1e5701ca8e13c67584739ab1d00ee4a0c2f532c09a15836f" logic_hash = "v1_sha256_5d87ada1c609e23742c389f8153a9266c4db95be4a5e10b50979aebc993a45e0" score = 75 @@ -111110,8 +111110,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_644Ac114 : FILE MEMORY date = "2024-04-17" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_BruteRatel.yar#L186-L205" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_BruteRatel.yar#L186-L205" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ace6a99d95ef859d4ab74db6900753e754273a12a34721f1aa8f1a9df3d8ec35" logic_hash = "v1_sha256_06ffea16a0348f2276f379db150b5f9d2dbdffbcb2eee83c55c27c837ecb1e69" score = 75 
@@ -111140,8 +111140,8 @@ rule ELASTIC_Windows_Ransomware_Avoslocker_7Ae4D4F2 : FILE MEMORY date = "2021-07-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Avoslocker.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Avoslocker.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856" logic_hash = "v1_sha256_c87faf6f128fd6a8cabd68ec8de72fb10e6be42bdbe23ece374dd8f3cf0c1b15" score = 75 @@ -111173,8 +111173,8 @@ rule ELASTIC_Windows_Trojan_Kronos_Cdd2E2C5 : FILE MEMORY date = "2021-02-07" modified = "2021-08-23" reference = "https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Kronos.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Kronos.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "baa9cedbbe0f5689be8f8028a6537c39e9ea8b0815ad76cb98f365ca5a41653f" logic_hash = "v1_sha256_a8943c5ef166446629cb46517d35db39c97a1e3efa3a7a0b5cb3d3ee9d1e6e9c" score = 75 
@@ -111209,8 +111209,8 @@ rule ELASTIC_Windows_Vulndriver_Winio_C9Cc6D00 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_WinIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_WinIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "e1980c6592e6d2d92c1a65acad8f1071b6a404097bb6fcce494f3c8ac31385cf" logic_hash = "v1_sha256_4b6a78c2c807cf1f569ae9bc275d42d9c895efba7a2d64fec0652e3cb163d553" score = 75 @@ -111238,8 +111238,8 @@ rule ELASTIC_Windows_Vulndriver_Winio_B0F21A70 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_WinIo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_WinIo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374" logic_hash = "v1_sha256_c82d95e805898f9a9a1ffccb483e506df0a53dc420068314e7c724e4947f3572" score = 75 
@@ -111267,8 +111267,8 @@ rule ELASTIC_Windows_Ransomware_Mountlocker_126A76E2 : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Mountlocker.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Mountlocker.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4a5ac3c6f8383cc33c795804ba5f7f5553c029bbb4a6d28f1e4d8fb5107902c1" logic_hash = "v1_sha256_5a5e157a245a75033abbe6bc7aa66fe6af6d91dc30abe1fdadce85f8f3905b1e" score = 75 @@ -111300,8 +111300,8 @@ rule ELASTIC_Linux_Cryptominer_Roboto_0B6807F8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Roboto.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Roboto.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "c2542e399f865b5c490ee66b882f5ff246786b3f004abb7489ec433c11007dda" logic_hash = "v1_sha256_d945c7a23b9f435851f3c998231da615e220c259051cf213186c28f3279be1dd" score = 75 
@@ -111329,8 +111329,8 @@ rule ELASTIC_Linux_Cryptominer_Roboto_1F1Cfe9A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Roboto.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Roboto.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "497a6d426ff93d5cd18cea623074fb209d4f407a02ef8f382f089f1ed3f108c5" logic_hash = "v1_sha256_2171284991b0019379c8d271013a35237c37bc2e13d807caed86f8fb9d2ba418" score = 75 @@ -111358,8 +111358,8 @@ rule ELASTIC_Windows_Vulndriver_Zam_928812A7 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Zam.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Zam.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91" logic_hash = "v1_sha256_82ca874d60d8a0ee04aca39f59415f22797e7e0337314c88dd8ebad1a823d200" score = 75 
@@ -111388,8 +111388,8 @@ rule ELASTIC_Windows_Vulndriver_Zam_7C86D260 : FILE MEMORY date = "2024-07-16" modified = "2024-09-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Zam.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Zam.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "6f55c148bb27c14408cf0f16f344abcd63539174ac855e510a42d78cfaec451c" logic_hash = "v1_sha256_cc29f26c222825eb5262d91065a00243bc913fe2071d8ad6b0dc61dd22798f1e" score = 75 @@ -111419,8 +111419,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_59E029C3 : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_BPFDoor.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_BPFDoor.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "144526d30ae747982079d5d340d1ff116a7963aba2e3ed589e7ebc297ba0c1b3" logic_hash = "v1_sha256_64620a3404b331855d0b8018c1626c88cb28380785beac1a391613ae8dc1b1bf" score = 75 
@@ -111452,8 +111452,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_0F768F60 : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_BPFDoor.yar#L26-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_BPFDoor.yar#L26-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155" logic_hash = "v1_sha256_1aaa74c2d8fbb230cbfc0e08fd6865b5f7e90e4abcdb97121e52afb7569b2dbc" score = 75 @@ -111486,8 +111486,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_8453771B : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_BPFDoor.yar#L52-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_BPFDoor.yar#L52-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "591198c234416c6ccbcea6967963ca2ca0f17050be7eed1602198308d9127c78" logic_hash = "v1_sha256_546e5c56ceb6b99db14dc225a2ec4872cb54859a0f2f6ad520d4f446793e031e" score = 75 
@@ -111522,8 +111522,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_F690Fe3B : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_BPFDoor.yar#L80-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_BPFDoor.yar#L80-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "591198c234416c6ccbcea6967963ca2ca0f17050be7eed1602198308d9127c78" logic_hash = "v1_sha256_35c6be75348a30f415a1a4bb94ae7e3a2f49f54a0fb3ddc4bae1aa3e03c1a909" score = 75 @@ -111551,8 +111551,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_1A7D804B : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_BPFDoor.yar#L101-L127" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_BPFDoor.yar#L101-L127" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "76bf736b25d5c9aaf6a84edd4e615796fffc338a893b49c120c0b4941ce37925" logic_hash = "v1_sha256_b0c4b168d92947e599e8c74d0ae6a91766c8a034c34e9c07e2472620c9b61037" score = 75 
@@ -111587,8 +111587,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_E14B0B79 : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_BPFDoor.yar#L129-L152" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_BPFDoor.yar#L129-L152" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dc8346bf443b7b453f062740d8ae8d8d7ce879672810f4296158f90359dcae3a" logic_hash = "v1_sha256_7cdf111ae253bffef7243ad3722f1a79f81f45d80f938f9542af8e056f75d3fc" score = 75 @@ -111620,8 +111620,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_F1Cd26Ad : FILE MEMORY date = "2023-05-11" modified = "2023-05-16" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_BPFDoor.yar#L154-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_BPFDoor.yar#L154-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "afa8a32ec29a31f152ba20a30eb483520fe50f2dce6c9aa9135d88f7c9c511d7" logic_hash = "v1_sha256_ad3e130d5a1203c55b5c8d369c7d9989f66f76c9bd57e2314a30f4c931e4b98d" score = 75 
@@ -111651,8 +111651,8 @@ rule ELASTIC_Linux_Trojan_Bish_974B4B47 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Bish.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Bish.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9171fd2bbe182f0a3cd35937f3ee0076c9358f52f5bc047498dd9e233ae11757" logic_hash = "v1_sha256_c5a7d036c89fe50626da51486d19ee731ad28cbc8d36def075d8f33a7b68961f" score = 75 @@ -111680,8 +111680,8 @@ rule ELASTIC_Windows_Vulndriver_Eneio_6E01882F : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_EneIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_EneIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347" logic_hash = "v1_sha256_144ac5375cb637b6301a2275f2412fbd0d0c5fb23105c7cce5aa7912cf68fa2c" score = 75 
@@ -111709,8 +111709,8 @@ rule ELASTIC_Linux_Trojan_Sysrv_85097F24 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "17fbc8e10dea69b29093fcf2aa018be4d58fe5462c5a0363a0adde60f448fb26" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Sysrv.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Sysrv.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_96bee8b9b0e9c2afd684582301f9e110fd08fcabaea798bfb6259a4216f69be1" score = 75 quality = 75 @@ -111737,8 +111737,8 @@ rule ELASTIC_Linux_Trojan_Mech_D30Ec0A0 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mech.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mech.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "710d1a0a8c7eecc6d793933c8a97cec66d284b3687efee7655a2dc31d15c0593" logic_hash = "v1_sha256_268aeb25d6468412d8123bab5eb2c8bd7704828d0ef3c3d771aa036e374127d7" score = 75 
@@ -111766,8 +111766,8 @@ rule ELASTIC_Linux_Trojan_Godropper_Bae099Bd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Godropper.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Godropper.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "704643f3fd11cda1d52260285bf2a03bccafe59cfba4466427646c1baf93881e" logic_hash = "v1_sha256_ef6274928f7cfc0312122ac3e4153fb0a78dc7d5fb2d68db6cbe4974f5497210" score = 75 @@ -111795,8 +111795,8 @@ rule ELASTIC_Windows_Trojan_Emotet_18379A8D : FILE MEMORY date = "2021-11-17" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Emotet.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Emotet.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "eeb13cd51faa7c23d9a40241d03beb239626fbf3efe1dbbfa3994fc10dea0827" logic_hash = "v1_sha256_2ad72ce2a352b91a4fa597ee9e796035298cfcee6fdc13dd3f64579d8da96b97" score = 75 
@@ -111824,8 +111824,8 @@ rule ELASTIC_Windows_Trojan_Emotet_5528B3B0 : FILE MEMORY date = "2021-11-17" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Emotet.yar#L22-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Emotet.yar#L22-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "eeb13cd51faa7c23d9a40241d03beb239626fbf3efe1dbbfa3994fc10dea0827" logic_hash = "v1_sha256_bb784ab0e064bafa8450b6bb15ef534af38254ea3c096807571c2c27f7cdfd76" score = 75 @@ -111853,8 +111853,8 @@ rule ELASTIC_Windows_Trojan_Emotet_1943Bbf2 : FILE MEMORY date = "2021-11-18" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Emotet.yar#L43-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Emotet.yar#L43-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "5abec3cd6aa066b1ddc0149a911645049ea1da66b656c563f9a384e821c5db38" logic_hash = "v1_sha256_41838e335b9314b8759922f23ec8709f46e6a26633f3685ac98ada5828191d35" score = 75 
@@ -111882,8 +111882,8 @@ rule ELASTIC_Windows_Trojan_Emotet_Db7D33Fa : FILE MEMORY date = "2022-05-09" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Emotet.yar#L64-L90" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Emotet.yar#L64-L90" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc" logic_hash = "v1_sha256_e220c112c15f384fde6fc2286b01c7eb9bedcf4817d02645d0fa7afb05e7b593" score = 75 @@ -111918,8 +111918,8 @@ rule ELASTIC_Windows_Trojan_Emotet_D6Ac1Ea4 : FILE MEMORY date = "2022-05-24" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Emotet.yar#L92-L114" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Emotet.yar#L92-L114" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2c6709d5d2e891d1ce26fdb4021599ac10fea93c7773f5c00bea8e5e90404b71" logic_hash = "v1_sha256_9b37940ea8752c6db52d4f09225de0389438c41468a11a7cda8f28b191192ef9" score = 75 
@@ -111950,8 +111950,8 @@ rule ELASTIC_Windows_Trojan_Emotet_77C667B9 : FILE MEMORY date = "2022-11-07" modified = "2022-12-20" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Emotet.yar#L116-L144" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Emotet.yar#L116-L144" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ffac0120c3ae022b807559e8ed7902fde0fa5f7cb9c5c8d612754fa498288572" logic_hash = "v1_sha256_f11769fe5e9789b451e8826c5fd22bde5b3eb9f7af1d5fec7eec71700fc1f482" score = 75 @@ -111988,8 +111988,8 @@ rule ELASTIC_Windows_Trojan_Emotet_8B9449C1 : FILE MEMORY date = "2022-11-09" modified = "2022-12-20" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Emotet.yar#L146-L166" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Emotet.yar#L146-L166" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ffac0120c3ae022b807559e8ed7902fde0fa5f7cb9c5c8d612754fa498288572" logic_hash = "v1_sha256_5501354ebc1d97fe5ce894d5907adb29440f557f2dd235e1e983ae2d109199a2" score = 75 
@@ -112018,8 +112018,8 @@ rule ELASTIC_Windows_Vulndriver_Amifldrv_E387D5Ad : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_VulnDriver_Amifldrv.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_VulnDriver_Amifldrv.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330" logic_hash = "v1_sha256_14d75b5aff2c82d69b041c654cdc0840f6b6e37a197f5c0c1c2698c9e8eba3e2" score = 60 @@ -112047,8 +112047,8 @@ rule ELASTIC_Windows_Hacktool_Gmer_8Aabdd5E : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Hacktool_Gmer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Hacktool_Gmer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7" logic_hash = "v1_sha256_acdab89a7703a743927cec60fbc84af2fd469403bee6f211c865fb96e9c92498" score = 75 
@@ -112076,8 +112076,8 @@ rule ELASTIC_Windows_Ransomware_Ransomexx_Fabff49C : FILE MEMORY date = "2021-08-07" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Ransomware_Ransomexx.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Ransomware_Ransomexx.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "480af18104198ad3db1518501ee58f9c4aecd19dbbf2c5dd7694d1d87e9aeac7" logic_hash = "v1_sha256_67d5123b706685ea5ab939aec31cb1549297778d91dd38b14e109945c52da71a" score = 75 @@ -112108,8 +112108,8 @@ rule ELASTIC_Linux_Trojan_Rotajakiro_Fb24F399 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "023a7f9ed082d9dd7be6eba5942bfa77f8e618c2d15a8bc384d85223c5b91a0c" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Rotajakiro.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Rotajakiro.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" logic_hash = "v1_sha256_be33fdda50ef0ea1a0cf45835cc2b7a805cecb3fff371ed6d93e01c2d477d867" score = 75 quality = 75 
@@ -112136,8 +112136,8 @@ rule ELASTIC_Windows_Trojan_Zloader_5Dd0A0Bf : FILE MEMORY date = "2022-03-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Zloader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Zloader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa" logic_hash = "v1_sha256_1446a4147e1b06fa66907de857011079c55a8e6bf84276eb8518d33468ba1f83" score = 75 @@ -112165,8 +112165,8 @@ rule ELASTIC_Windows_Trojan_Zloader_4Fe0F7F1 : FILE MEMORY date = "2022-03-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Zloader.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Zloader.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa" logic_hash = "v1_sha256_b20fafc9db08c7668b49e18f45632594c3a69ec65fe865e79379c544fc424f8d" score = 75 
@@ -112194,8 +112194,8 @@ rule ELASTIC_Windows_Trojan_Zloader_363C65Ed : FILE MEMORY date = "2022-03-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Zloader.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Zloader.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa" logic_hash = "v1_sha256_d3c530f9929db709067a9e1cc59b9cda9dcd8e19352c79ddaf7af6c91b242afd" score = 75 @@ -112223,8 +112223,8 @@ rule ELASTIC_Windows_Trojan_Zloader_79535191 : FILE MEMORY date = "2022-03-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Zloader.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Zloader.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa" logic_hash = "v1_sha256_c398a8ca46c6fe3e59481a092867be77a94809b1568cea918aa6450374063857" score = 75 
@@ -112252,8 +112252,8 @@ rule ELASTIC_Linux_Cryptominer_Ccminer_18Fc60E5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Ccminer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Ccminer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dbb403a00c75ef2a74b41b8b58d08a6749f37f922de6cc19127a8f244d901c60" logic_hash = "v1_sha256_75db45ccbeb558409ee9398065591472d4aee0382be5980adb9d0fb41e557789" score = 75 @@ -112281,8 +112281,8 @@ rule ELASTIC_Linux_Cryptominer_Ccminer_3C593Bc3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Cryptominer_Ccminer.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Cryptominer_Ccminer.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "dbb403a00c75ef2a74b41b8b58d08a6749f37f922de6cc19127a8f244d901c60" logic_hash = "v1_sha256_94a0d33b474b3c60e926eaf06147eb0fdc56beac525f25326448bf2a5177d9c0" score = 75 
@@ -112310,8 +112310,8 @@ rule ELASTIC_Linux_Trojan_Mettle_E8Fdbcbd : FILE MEMORY date = "2024-05-06" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mettle.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mettle.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "864eae4f27648b8a9d9b0eb1894169aa739311cdd02b1435a34881acf7059d58" logic_hash = "v1_sha256_d13c1e7fb815ebbefa78922e9b85a1ced015c03b8f1b2cf1885a9c483b8e0ab3" score = 75 @@ -112343,8 +112343,8 @@ rule ELASTIC_Linux_Trojan_Mettle_813B9B6C : FILE MEMORY date = "2024-05-06" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mettle.yar#L25-L52" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mettle.yar#L25-L52" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "bb651d974ca3f349858db7b5a86f03a8d47d668294f27e709a823fa11e6963d7" logic_hash = "v1_sha256_a6a9cf424bf1ca7985e1c4b14123ed236208ffa3f7c9ffebbdd85765a90bfa54" score = 75 
@@ -112381,8 +112381,8 @@ rule ELASTIC_Linux_Trojan_Mettle_78Aead1C : FILE MEMORY date = "2024-05-06" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Trojan_Mettle.yar#L54-L81" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Trojan_Mettle.yar#L54-L81" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "864eae4f27648b8a9d9b0eb1894169aa739311cdd02b1435a34881acf7059d58" logic_hash = "v1_sha256_d68d37379b8a3a2d242030fd14884781488e9785823aa25fedfdd406748f8039" score = 75 @@ -112419,8 +112419,8 @@ rule ELASTIC_Windows_Trojan_Grandoreiro_51236Ba2 : FILE MEMORY date = "2022-08-23" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Windows_Trojan_Grandoreiro.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Windows_Trojan_Grandoreiro.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1bdf381e7080d9bed3f52f4b3db1991a80d3e58120a5790c3d1609617d1f439e" logic_hash = "v1_sha256_9a8549a1dd82f56458ea8aee5c30243ac073d15c820de28d78a58d2c067b10d6" score = 75 
@@ -112452,8 +112452,8 @@ rule ELASTIC_Linux_Exploit_Enoket_79B52A4C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Enoket.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Enoket.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3ae8f7e7df62316400d0c5fe0139d7a48c9f184e92706b552aad3d827d3dbbbf" logic_hash = "v1_sha256_204082a3be602b3f6aebb013a46e6f9c98b5dad2476350afa60c1954b13598fe" score = 75 @@ -112481,8 +112481,8 @@ rule ELASTIC_Linux_Exploit_Enoket_5969A348 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Enoket.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Enoket.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "4b4d7ca9e1ffa2c46cb097d4a014c59b1a9feb93b3adcb5936ef6a1dfef9b0ae" logic_hash = "v1_sha256_e47af0fba86c9152d17911b984070a8419b98da8916538ebb1065a5348da6e31" score = 75 
@@ -112510,8 +112510,8 @@ rule ELASTIC_Linux_Exploit_Enoket_80Fac3E9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Enoket.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Enoket.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3355ad81c566914a7d7734b40c46ded0cfa53aa22c6e834d42e185bf8bbe6128" logic_hash = "v1_sha256_19cb7f02ca80095293c4a09f7ea616c31364af1e4189a9211aaba54aaa2db14e" score = 75 @@ -112539,8 +112539,8 @@ rule ELASTIC_Linux_Exploit_Enoket_7Da5F86A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Enoket.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Enoket.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "406b003978d79d453d3e2c21b991b113bf2fc53ffbf3a1724c5b97a4903ef550" logic_hash = "v1_sha256_df5769a87230f5e563849302f32673b5f5de2595e12de72c27921d45edc58928" score = 75 
@@ -112568,8 +112568,8 @@ rule ELASTIC_Linux_Exploit_Enoket_C77C0D6D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Enoket.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Enoket.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "3ae8f7e7df62316400d0c5fe0139d7a48c9f184e92706b552aad3d827d3dbbbf" logic_hash = "v1_sha256_504d61715bd5dba7f777fcb2d62eb53d8d54dad2dcf93f2fc2d7dcd359c4b994" score = 75 @@ -112597,8 +112597,8 @@ rule ELASTIC_Linux_Exploit_Enoket_Fbf508E1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Exploit_Enoket.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Exploit_Enoket.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214" logic_hash = "v1_sha256_21b1d69677c3fddb210dcf5947e8321abccd5a1ebbde8438a83fee5d4b29443d" score = 75 
@@ -112626,8 +112626,8 @@ rule ELASTIC_Linux_Generic_Threat_A658B75F : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "df430ab9f5084a3e62a6c97c6c6279f2461618f038832305057c51b441c648d9" logic_hash = "v1_sha256_1ef7267438b8d15ed770f0784a7d428cbc2680144b0ef179337875d5b4038d08" score = 75 @@ -112656,8 +112656,8 @@ rule ELASTIC_Linux_Generic_Threat_Ea5Ade9A : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "d75189d883b739d9fe558637b1fab7f41e414937a8bae7a9d58347c223a1fcaa" logic_hash = "v1_sha256_12a9b5e54d6d528ecb559b6e2ea3aa72effa7f0efbf2c33581a4efedc292e4c1" score = 75 
@@ -112685,8 +112685,8 @@ rule ELASTIC_Linux_Generic_Threat_80Aea077 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L42-L60" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L42-L60" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "002827c41bc93772cd2832bc08dfc413302b1a29008adbb6822343861b9818f0" logic_hash = "v1_sha256_cab860ad5f0c49555adb845504acb4dbeabb94dbc287202be35020e055e6f27b" score = 75 @@ -112714,8 +112714,8 @@ rule ELASTIC_Linux_Generic_Threat_2E214A04 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L62-L81" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L62-L81" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "cad65816cc1a83c131fad63a545a4bd0bdaa45ea8cf039cbc6191e3c9f19dead" logic_hash = "v1_sha256_0d29aa6214b0a05f9af10cdc080ffa33452156e13c057f31997630cebcda294a" score = 75 
@@ -112744,8 +112744,8 @@ rule ELASTIC_Linux_Generic_Threat_0B770605 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L83-L102" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L83-L102" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "99418cbe1496d5cd4177a341e6121411bc1fab600d192a3c9772e8e6cd3c4e88" logic_hash = "v1_sha256_d4aae755870765a119ee7ae648d4388e0786e8ab6f7f196d81c6356be7d0ddfb" score = 75 @@ -112774,8 +112774,8 @@ rule ELASTIC_Linux_Generic_Threat_92064B27 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L104-L122" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L104-L122" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "8e5cfcda52656a98105a48783b9362bad22f61bcb6a12a27207a08de826432d9" logic_hash = "v1_sha256_adb9ed7280065f77440bd1e106bc800ebe6251119151cd54b76dc2917b013f65" score = 75 
@@ -112803,8 +112803,8 @@ rule ELASTIC_Linux_Generic_Threat_De6Be095 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L124-L143" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L124-L143" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "2431239d6e60ca24a5440e6c92da62b723a7e35c805f04db6b80f96c8cf9fee6" logic_hash = "v1_sha256_cbd7578830169703b047adb1785b05d226f2507a65c203ee344d8e2b3a24f6c9" score = 75 @@ -112833,8 +112833,8 @@ rule ELASTIC_Linux_Generic_Threat_898D9308 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L145-L164" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L145-L164" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "ce89863a16787a6f39c25fd15ee48c4d196223668a264217f5d1cea31f8dc8ef" logic_hash = "v1_sha256_8b5deedf18d660d0b76dc987843ff5cc01432536a04ab4925e9b08269fd847e4" score = 75 
@@ -112863,8 +112863,8 @@ rule ELASTIC_Linux_Generic_Threat_23D54A0E : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L166-L185" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L166-L185" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257" logic_hash = "v1_sha256_7e52eaf9c49bd6cbdb89b0c525b448864e1ea55d00bc052898613174fe5956cc" score = 75 @@ -112893,8 +112893,8 @@ rule ELASTIC_Linux_Generic_Threat_D7802B0A : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L187-L205" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L187-L205" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257" logic_hash = "v1_sha256_3e1452204fef11d63870af5f143ae73f4b8e5a4db83a53851444fbf8a0ea6a26" score = 75 
@@ -112922,8 +112922,8 @@ rule ELASTIC_Linux_Generic_Threat_08E4Ee8C : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L207-L225" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L207-L225" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "35eeba173fb481ac30c40c1659ccc129eae2d4d922e27cf071047698e8d95aea" logic_hash = "v1_sha256_a927415afbab32adee49a583fc35bc3d44764f87bbbb3497b38af6feb92cd9a8" score = 75 @@ -112951,8 +112951,8 @@ rule ELASTIC_Linux_Generic_Threat_D60E5924 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L227-L246" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L227-L246" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fdcc2366033541053a7c2994e1789f049e9e6579226478e2b420ebe8a7cebcd3" logic_hash = "v1_sha256_012111e4a38c1f901dcd830cc26ef8dcfbde7986fcc8b8eebddb8d8b7a0cec6a" score = 75 
@@ -112981,8 +112981,8 @@ rule ELASTIC_Linux_Generic_Threat_6Bed4416 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L248-L266" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L248-L266" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257" logic_hash = "v1_sha256_c098e27a12d5d10af67d1b78572bc7daeb500504527428366e1d9a4e55e0f4d7" score = 75 @@ -113010,8 +113010,8 @@ rule ELASTIC_Linux_Generic_Threat_Fc5B5B86 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L268-L286" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L268-L286" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "134b063d9b5faed11c6db6848f800b63748ca81aeca46caa0a7c447d07a9cd9b" logic_hash = "v1_sha256_a11ed323df7283188cf99ca89abbd18673fef88660df1150d4dc72de04a836a8" score = 75 
@@ -113039,8 +113039,8 @@ rule ELASTIC_Linux_Generic_Threat_2C8D824C : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L288-L306" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L288-L306" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "9106bdd27e67d6eebfaec5b1482069285949de10afb28a538804ce64add88890" logic_hash = "v1_sha256_c8fc90ec5e93ff39443f513e83f34140819a30b737da2a412ba97a7b221ca9dc" score = 75 @@ -113068,8 +113068,8 @@ rule ELASTIC_Linux_Generic_Threat_936B24D5 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L308-L326" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L308-L326" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "fb8eb0c876148a4199cc873b84fd9c1c6abc1341e02d118f72ffb0dae37592a4" logic_hash = "v1_sha256_972bbc4950c49ff7bc880b1d24b586072eb8541584b97a00ac501fac133a3157" score = 75 
@@ -113097,8 +113097,8 @@ rule ELASTIC_Linux_Generic_Threat_98Bbca63 : FILE MEMORY date = "2024-01-22" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L328-L347" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L328-L347" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "1d4d3d8e089dcca348bb4a5115ee2991575c70584dce674da13b738dd0d6ff98" logic_hash = "v1_sha256_1728d47b3f364cff02ae61ccf381ecab0c1fe46a5c76d832731fdf7acc1caf55" score = 75 @@ -113127,8 +113127,8 @@ rule ELASTIC_Linux_Generic_Threat_9Aaf894F : FILE MEMORY date = "2024-01-22" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L349-L367" - license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L349-L367" + license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt" hash = "467ac05956eec6c74217112721b3008186b2802af2cafed6d2038c79621bcb08" logic_hash = "v1_sha256_b28d6a8c23aba4371e2e5f48861d2bcc8bdfa7212738eda7b1b4a3059d159cf2" score = 75 
@@ -113156,8 +113156,8 @@ rule ELASTIC_Linux_Generic_Threat_Ba3A047D : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L369-L388"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L369-L388"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3064e89f3585f7f5b69852f1502e34a8423edf5b7da89b93fb8bd0bef0a28b8b"
 logic_hash = "v1_sha256_ffcfb90c0c796b7b343adbd2142193759ececddd0700c0bb4e2898947464b1a2"
 score = 75
@@ -113186,8 +113186,8 @@ rule ELASTIC_Linux_Generic_Threat_902Cfdc5 : FILE MEMORY
 date = "2024-01-23"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L390-L408"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L390-L408"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3fa5057e1be1cfeb73f6ebcdf84e00c37e9e09f1bec347d5424dd730a2124fa8"
 logic_hash = "v1_sha256_0f86914cb598262744660e65048f75d071307ae47d069971bfcd049a7d4b36e5"
 score = 75
@@ -113215,8 +113215,8 @@ rule ELASTIC_Linux_Generic_Threat_094C1238 : FILE MEMORY
 date = "2024-01-23"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L410-L428"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L410-L428"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2bfe7d51d59901af345ef06dafd8f0e950dcf8461922999670182bfc7082befd"
 logic_hash = "v1_sha256_fb82e16bf153c88377cc8655557bc1f021af6e04e1160129ce9555e078d00a0d"
 score = 75
@@ -113244,8 +113244,8 @@ rule ELASTIC_Linux_Generic_Threat_A8Faf785 : FILE MEMORY
 date = "2024-01-23"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L430-L448"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L430-L448"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6028562baf0a7dd27329c8926585007ba3e0648da25088204ebab2ac8f723e70"
 logic_hash = "v1_sha256_3ab5d9ba39be2553173f6eb4d2a1ca22bfb9f1bd537fed247f273eba1eabd782"
 score = 75
@@ -113273,8 +113273,8 @@ rule ELASTIC_Linux_Generic_Threat_04E8E4A5 : FILE MEMORY
 date = "2024-01-23"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L450-L468"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L450-L468"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "248f010f18962c8d1cc4587e6c8b683a120a1e838d091284ba141566a8a01b92"
 logic_hash = "v1_sha256_9b04725bf0a75340c011028b201ed08eb9de305a5b4630cc79156c0a847cdc9e"
 score = 75
@@ -113302,8 +113302,8 @@ rule ELASTIC_Linux_Generic_Threat_47B147Ec : FILE MEMORY
 date = "2024-02-01"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L470-L488"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L470-L488"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "cc7734a10998a4878b8f0c362971243ea051ce6c1689444ba6e71aea297fb70d"
 logic_hash = "v1_sha256_84c68f2ed76d644122daf81d41d4eb0be9aa8b1c82993464d3138ae30992110f"
 score = 75
@@ -113331,8 +113331,8 @@ rule ELASTIC_Linux_Generic_Threat_887671E9 : FILE MEMORY
 date = "2024-02-01"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L490-L508"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L490-L508"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "701c7c75ed6a7aaf59f5a1f04192a1f7d49d73c1bd36453aed703ad5560606dc"
 logic_hash = "v1_sha256_eefe9391a9ce716dbe16f11b8ccea89d032fdad42fcabd84ffe584409c550847"
 score = 75
@@ -113360,8 +113360,8 @@ rule ELASTIC_Linux_Generic_Threat_9Cf10F10 : FILE MEMORY
 date = "2024-02-01"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L510-L528"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L510-L528"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d07c9be37dc37f43a54c8249fe887dbc4058708f238ff3d95ed21f874cbb84e8"
 logic_hash = "v1_sha256_ca4ae64b73fb7013008e8049d17479032d904a3faf5ad0f2ad079971a231a3b8"
 score = 75
@@ -113389,8 +113389,8 @@ rule ELASTIC_Linux_Generic_Threat_75813Ab2 : FILE MEMORY
 date = "2024-02-01"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L530-L549"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L530-L549"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5819eb73254fd2a698eb71bd738cf3df7beb65e8fb5e866151e8135865e3fd9a"
 logic_hash = "v1_sha256_06e5daed278273137e416ef3ee6ac8496b144a9c3ce213ec92881ba61d7db6cb"
 score = 75
@@ -113419,8 +113419,8 @@ rule ELASTIC_Linux_Generic_Threat_11041685 : FILE MEMORY
 date = "2024-02-01"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L551-L570"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L551-L570"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "296440107afb1c8c03e5efaf862f2e8cc6b5d2cf979f2c73ccac859d4b78865a"
 logic_hash = "v1_sha256_19f4109e73981424527ece8c375274f97fd3042427b7875071451a8081a9aae7"
 score = 75
@@ -113449,8 +113449,8 @@ rule ELASTIC_Linux_Generic_Threat_0D22F19C : FILE MEMORY
 date = "2024-02-01"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L572-L591"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L572-L591"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "da5a204af600e73184455d44aa6e01d82be8b480aa787b28a1df88bb281eb4db"
 logic_hash = "v1_sha256_ee43796b0717717cb012385d5bb3aece433c11780f1a293d280c39411f9fed98"
 score = 75
@@ -113479,8 +113479,8 @@ rule ELASTIC_Linux_Generic_Threat_4A46B0E1 : FILE MEMORY
 date = "2024-02-01"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L593-L612"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L593-L612"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "3ba47ba830ab8deebd9bb906ea45c7df1f7a281277b44d43c588c55c11eba34a"
 logic_hash = "v1_sha256_e3f6804f502fad8c893fb4c3c27506b6ef17d7e0d0a01399c6d185bad92e895a"
 score = 75
@@ -113509,8 +113509,8 @@ rule ELASTIC_Linux_Generic_Threat_0A02156C : FILE MEMORY
 date = "2024-02-01"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L614-L633"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L614-L633"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "f23d4b1fd10e3cdd5499a12f426e72cdf0a098617e6b178401441f249836371e"
 logic_hash = "v1_sha256_3ceea812f0252ec703a92482ce7a3ef0aa65bad149df2aa0107e07a45490b8f1"
 score = 75
@@ -113539,8 +113539,8 @@ rule ELASTIC_Linux_Generic_Threat_6D7Ec30A : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L635-L654"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L635-L654"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "1cad1ddad84cdd8788478c529ed4a5f25911fb98d0a6241dcf5f32b0cdfc3eb0"
 logic_hash = "v1_sha256_33c705b89a82989c25fc67f50b06aa3a613cae567ec652d86ae64bad4b253c28"
 score = 75
@@ -113569,8 +113569,8 @@ rule ELASTIC_Linux_Generic_Threat_900Ffdd4 : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L656-L674"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L656-L674"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "a3e1a1f22f6d32931d3f72c35a5ee50092b5492b3874e9e6309d015d82bddc5d"
 logic_hash = "v1_sha256_eb69bfc146b32e790fffdf4588b583335d2006182070b53fec43bb6e4971d779"
 score = 75
@@ -113598,8 +113598,8 @@ rule ELASTIC_Linux_Generic_Threat_Cb825102 : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L676-L694"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L676-L694"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4e24b72b24026e3dfbd65ddab9194bd03d09446f9ff0b3bcec76efbb5c096584"
 logic_hash = "v1_sha256_ac48f32ec82aac6df0697729d14aaee65fba82d91173332cd13c6ccccd63b1be"
 score = 75
@@ -113627,8 +113627,8 @@ rule ELASTIC_Linux_Generic_Threat_3Bcc1630 : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L696-L716"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L696-L716"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "62a6866e924af2e2f5c8c1f5009ce64000acf700bb5351a47c7cfce6a4b2ffeb"
 logic_hash = "v1_sha256_6f602aac6db46ac3f5b7716a1dac53b5dbd2c583505644bfc617d69be0a2d4de"
 score = 75
@@ -113658,8 +113658,8 @@ rule ELASTIC_Linux_Generic_Threat_5D5Fd28E : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L718-L738"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L718-L738"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5b179a117e946ce639e99ff42ab70616ed9f3953ff90b131b4b3063f970fa955"
 logic_hash = "v1_sha256_b29ca34b98ee87151496f900fa3558190127957539afac3fd99db2dc51980213"
 score = 75
@@ -113689,8 +113689,8 @@ rule ELASTIC_Linux_Generic_Threat_B0B891Fb : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L740-L759"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L740-L759"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d666bc0600075f01d8139f8b09c5f4e4da17fa06a86ebb3fa0dc478562e541ae"
 logic_hash = "v1_sha256_9ec82691a230f3240b1253f99a45cd0baa3238b6fd533004a22a6152b6ac9a12"
 score = 75
@@ -113719,8 +113719,8 @@ rule ELASTIC_Linux_Generic_Threat_Cd9Ce063 : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L761-L779"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L761-L779"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "485581520dd73429b662b73083d504aa8118e01c5d37c1c08b21a5db0341a19d"
 logic_hash = "v1_sha256_ba070c2147028cad4be1c139b16a770c9d9854456d073373a93ed0b213f7b34c"
 score = 75
@@ -113748,8 +113748,8 @@ rule ELASTIC_Linux_Generic_Threat_B8B076F4 : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L781-L799"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L781-L799"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "4496e77ff00ad49a32e090750cb10c55e773752f4a50be05e3c7faacc97d2677"
 logic_hash = "v1_sha256_37f3be4cbda4a93136d66e32d7245d4c962a9fe1c98fb0325f42a1d16d6d9415"
 score = 75
@@ -113777,8 +113777,8 @@ rule ELASTIC_Linux_Generic_Threat_1Ac392Ca : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L801-L819"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L801-L819"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "dca2d035b1f7191f7876eb727b13c308f63fe8f899cab643526f9492ec0fa16f"
 logic_hash = "v1_sha256_6ffa5099c0d18644cd11a0511db542d2f809e4cba974eccca814fedf5a2b0a5b"
 score = 75
@@ -113806,8 +113806,8 @@ rule ELASTIC_Linux_Generic_Threat_949Bf68C : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L821-L839"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L821-L839"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "cc1b339ff6b33912a8713c192e8743d1207917825b62b6f585ab7c8d6ab4c044"
 logic_hash = "v1_sha256_aaae0a8a2827786513891bc8c3e3418823ae3f3291d891e80e82113b929f7513"
 score = 75
@@ -113835,8 +113835,8 @@ rule ELASTIC_Linux_Generic_Threat_Bd35454B : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L841-L860"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L841-L860"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "cd729507d2e17aea23a56a56e0c593214dbda4197e8a353abe4ed0c5fbc4799c"
 logic_hash = "v1_sha256_d3619cdb002b4ac7167716234058f949623c42a64614f5eb7956866b68fff5e4"
 score = 75
@@ -113865,8 +113865,8 @@ rule ELASTIC_Linux_Generic_Threat_1E047045 : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L862-L880"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L862-L880"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "2c49772d89bcc4ad4ed0cc130f91ed0ce1e625262762a4e9279058f36f4f5841"
 logic_hash = "v1_sha256_0d28df53e030664e7225f1170888b51e94e64833537c5add3e10cfdb4f029a3a"
 score = 75
@@ -113894,8 +113894,8 @@ rule ELASTIC_Linux_Generic_Threat_1973391F : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L882-L901"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L882-L901"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "7bd76010f18061aeaf612ad96d7c03341519d85f6a1683fc4b2c74ea0508fe1f"
 logic_hash = "v1_sha256_632a43b68e498f463ff5dfa78212646b8bd108ea47ff11164c8c1a69e830c1ac"
 score = 75
@@ -113924,8 +113924,8 @@ rule ELASTIC_Linux_Generic_Threat_66D00A84 : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L903-L921"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L903-L921"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "464e144bcbb54fc34262b4d81143f4e69e350fb526c803ebea1fdcfc8e57bf33"
 logic_hash = "v1_sha256_a1d60619d72b3309bfaaf8b4085dd5ed90142ff3e9ebfe80fcd7beba5f14a62e"
 score = 75
@@ -113953,8 +113953,8 @@ rule ELASTIC_Linux_Generic_Threat_D2Dca9E7 : FILE MEMORY
 date = "2024-05-20"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L923-L941"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L923-L941"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9b10bb3773011c4da44bf3a0f05b83079e4ad30f0b1eb2636a6025b927e03c7f"
 logic_hash = "v1_sha256_175b9a80314cf280b995a012f13e65bd4ce7e27faebf02ae5abe978dbd14447c"
 score = 75
@@ -113982,8 +113982,8 @@ rule ELASTIC_Linux_Generic_Threat_1F5D056B : FILE MEMORY
 date = "2024-05-20"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L943-L962"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L943-L962"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "99d982701b156fe3523b359498c2d03899ea9805d6349416c9702b1067293471"
 logic_hash = "v1_sha256_8ad23b593880dc1bebc95c92d0efc3a90e6b1e143c350e30b1a4258502ce7fc7"
 score = 75
@@ -114012,8 +114012,8 @@ rule ELASTIC_Linux_Generic_Threat_D94E1020 : FILE MEMORY
 date = "2024-05-20"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L964-L982"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L964-L982"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "96a2bfbb55250b784e94b1006391cc51e4adecbdde1fe450eab53353186f6ff0"
 logic_hash = "v1_sha256_e4b4e588588080c66076aec02f56b4764a5f72059922db9651461c0287fe0351"
 score = 75
@@ -114041,8 +114041,8 @@ rule ELASTIC_Linux_Generic_Threat_Aa0C23D5 : FILE MEMORY
 date = "2024-05-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L984-L1004"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L984-L1004"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8314290b81b827e1a1d157c41916a41a1c033e4f74876acc6806ed79ebbcc13d"
 logic_hash = "v1_sha256_092f0ece2dfca3e02493c00afffe48ca4feccf56ab6f22d952a7ba5f115f3765"
 score = 75
@@ -114072,8 +114072,8 @@ rule ELASTIC_Linux_Generic_Threat_8299C877 : FILE MEMORY
 date = "2024-05-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L1006-L1024"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L1006-L1024"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "60c486049ec82b4fa2e0a53293ae6476216b76e2c23238ef1c723ac0a2ae070c"
 logic_hash = "v1_sha256_3e0653a02517faa3037fc5f3f01f6fb11164fecafc6eca457a122ef2d1a99010"
 score = 75
@@ -114101,8 +114101,8 @@ rule ELASTIC_Linux_Generic_Threat_81Aa5579 : FILE MEMORY
 date = "2024-05-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L1026-L1044"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L1026-L1044"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6be0e2c98ba5255b76c31f689432a9de83a0d76a898c28dbed0ba11354fec6c2"
 logic_hash = "v1_sha256_c94d590daf61217335a72f3e1bc24b09084cf0a5a174c013c5aa97c01707c2bc"
 score = 75
@@ -114130,8 +114130,8 @@ rule ELASTIC_Linux_Generic_Threat_F2452362 : FILE MEMORY
 date = "2024-05-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L1046-L1065"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L1046-L1065"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5ff46c27b5823e55f25c9567d687529a24a0d52dea5bc2423b36345782e6b8f6"
 logic_hash = "v1_sha256_95d51077cb7c0f4b089a2e2ee8fcbab204264ade7ddd64fc1ee0176183dc84e0"
 score = 75
@@ -114160,8 +114160,8 @@ rule ELASTIC_Linux_Generic_Threat_Da28Eb8B : FILE MEMORY
 date = "2024-05-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L1067-L1086"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L1067-L1086"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "b3b4fcd19d71814d3b4899528ee9c3c2188e4a7a4d8ddb88859b1a6868e8433f"
 logic_hash = "v1_sha256_8b0892d0dd8a012a1f9cd87a0ad3321ae751dd17a96205c12e6648946cf2afe2"
 score = 75
@@ -114190,8 +114190,8 @@ rule ELASTIC_Linux_Generic_Threat_A40Aaa96 : FILE MEMORY
 date = "2024-05-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L1088-L1108"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L1088-L1108"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "6f965252141084524f85d94169b13938721bce24cc986bf870473566b7cfd81b"
 logic_hash = "v1_sha256_ab05cbf494b3b78083fd3e71703effed797d803b0203f8a413eb69b746656b1d"
 score = 75
@@ -114221,8 +114221,8 @@ rule ELASTIC_Linux_Generic_Threat_E24558E1 : FILE MEMORY
 date = "2024-05-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L1110-L1130"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L1110-L1130"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "9f483ddd8971cad4b25bb36a5a0cfb95c35a12c7d5cb9124ef0cfd020da63e99"
 logic_hash = "v1_sha256_f1f33c719a4b41968c137ed43aa0591f97b4558d4dd9bd160df519dfbbc49205"
 score = 75
@@ -114252,8 +114252,8 @@ rule ELASTIC_Linux_Generic_Threat_Ace836F1 : FILE MEMORY
 date = "2024-05-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L1132-L1150"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L1132-L1150"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "116aaba80e2f303206d0ba84c8c58a4e3e34b70a8ca2717fa9cf1aa414d5ffcc"
 logic_hash = "v1_sha256_c80af9d6f3e4d92cfa53429abbda944069d335fc89421a89e04089d236f5dddf"
 score = 75
@@ -114281,8 +114281,8 @@ rule ELASTIC_Linux_Generic_Threat_E9Aef030 : FILE MEMORY
 date = "2024-05-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L1152-L1170"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L1152-L1170"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "5ab72be12cca8275d95a90188a1584d67f95d43a7903987e734002983b5a3925"
 logic_hash = "v1_sha256_1d458e147d6667e2e0740d6d26fee05ac02f49e9eba30002852e723308b1b462"
 score = 75
@@ -114310,8 +114310,8 @@ rule ELASTIC_Linux_Generic_Threat_A3C5F3Bd : FILE MEMORY
 date = "2024-05-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L1172-L1192"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L1172-L1192"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "8c093bcf3d83545ec442519637c956d2af62193ea6fd2769925cacda54e672b6"
 logic_hash = "v1_sha256_41e66d1f47e7197662aa661ef49ee1f3191fee07a49538dd631ce9cc6fdd56be"
 score = 75
@@ -114341,8 +114341,8 @@ rule ELASTIC_Linux_Generic_Threat_3Fa2Df51 : FILE MEMORY
 date = "2024-05-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L1194-L1213"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L1194-L1213"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "89ec224db6b63936e8bc772415d785ef063bfd9343319892e832034696ff6f15"
 logic_hash = "v1_sha256_f43b659dd093a635d9723b2443366763132217aaf28c582ed43f180725f92f19"
 score = 75
@@ -114371,8 +114371,8 @@ rule ELASTIC_Linux_Generic_Threat_Be02B1C9 : FILE MEMORY
 date = "2024-05-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Generic_Threat.yar#L1215-L1233"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Generic_Threat.yar#L1215-L1233"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "ef6d47ed26f9ac96836f112f1085656cf73fc445c8bacdb737b8be34d8e3bcd2"
 logic_hash = "v1_sha256_a278c3a8033139d84c99a53901526895b154b5ef363fbeed47095889a5fb8d31"
 score = 75
@@ -114400,8 +114400,8 @@ rule ELASTIC_Linux_Hacktool_Infectionmonkey_6C84537B : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/yara/rules/Linux_Hacktool_Infectionmonkey.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/401b9f547292bee56d26a35f5f9d313b0c513e89/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/yara/rules/Linux_Hacktool_Infectionmonkey.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/c6eb0081d3784ad249bb8c3aa419fbfe54263215/LICENSE.txt"
 hash = "d941943046db48cf0eb7f11e144a79749848ae6b50014833c5390936e829f6c3"
 logic_hash = "v1_sha256_24cb368040fffe2743d0361a955d45a62a95a31c1744f3de15089169e365bb89"
 score = 75
@@ -114424,7 +114424,7 @@ rule ELASTIC_Linux_Hacktool_Infectionmonkey_6C84537B : FILE MEMORY
 * YARA Rule Set
 * Repository Name: R3c0nst
 * Repository: https://github.com/fboldewin/YARA-rules/
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: 54e9e6899b258b72074b2b4db6909257683240c2
 * Number of Rules: 26
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -115189,8 +115189,8 @@ rule R3C0NST_ATM_Malware_Dispcashbr : FILE
 * YARA Rule Set
 * Repository Name: CAPE
 * Repository: https://github.com/kevoreilly/CAPEv2
- * Retrieval Date: 2024-12-15
- * Git Commit: 7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43
+ * Retrieval Date: 2024-12-22
+ * Git Commit: 47b0665f51d7b3c3938422b92476721282543807
 * Number of Rules: 165
 * Skipped: 0 (age), 13 (quality), 3 (score), 0 (importance)
 *
@@ -115872,8 +115872,8 @@ rule CAPE_Themida : FILE
 date = "2024-09-11"
 modified = "2024-09-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/binaries/Themida.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/binaries/Themida.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_c4f1e01a3fe3cb66062ce03253bfe9edc09dc6f1a77db99b281106e8ceff9257"
 score = 75
 quality = 70
@@ -115895,8 +115895,8 @@ rule CAPE_Megacortex : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/MegaCortex.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/MegaCortex.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_5de1d8241260070241c91b97f18feb2a90069e3b158e863e2d9f568799c244e6"
 score = 75
 quality = 70
@@ -115920,8 +115920,8 @@ rule CAPE_Sedreco : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Sedreco.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Sedreco.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_f735549606917f59a19157e604e54766e4456bc5d46e94cae3e0a3c18b52a7ca"
 score = 75
 quality = 70
@@ -115945,8 +115945,8 @@ rule CAPE_Kronos : FILE
 date = "2020-07-02"
 modified = "2020-07-02"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Kronos.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Kronos.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_52ce9caf3627efe8ae86df6ca59e51e9f738e13ac0265f797e8d70123dbcaeb3"
 score = 75
 quality = 70
@@ -115971,8 +115971,8 @@ rule CAPE_Varenyky : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Varenyky.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Varenyky.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_602f1b8b60b29565eabe2171fde4eb58546af68f8acecad402a7a51ea9a08ed9"
 score = 75
 quality = 70
@@ -115994,8 +115994,8 @@ rule CAPE_Amadey : FILE
 date = "2023-09-04"
 modified = "2023-09-04"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Amadey.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Amadey.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "988258716d5296c1323303e8fe4efd7f4642c87bfdbe970fe9a3bb3f410f70a4"
 logic_hash = "v1_sha256_38f710b422a3644c9f0f3e80ad9ff28ef02050368c651a6cc2ce8b152b67bf48"
 score = 75
@@ -116020,8 +116020,8 @@ rule CAPE_Rokrat : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/RokRat.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/RokRat.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_2aaa7de7ccd59e0da690f4bc0c7deaacf61314d61f8d2aa3ce6f6892f50612ec"
 score = 75
 quality = 70
@@ -116044,8 +116044,8 @@ rule CAPE_Eternalromance : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/EternalRomance.yar#L1-L33"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/EternalRomance.yar#L1-L33"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_5390fae3e2411a715cdc965df8648c0c4c511d53d5f76031714f1b784b58eb0d"
 score = 75
 quality = 68
@@ -116089,8 +116089,8 @@ rule CAPE_Vidar : FILE
 date = "2023-04-21"
 modified = "2023-04-21"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Vidar.yar#L1-L22"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Vidar.yar#L1-L22"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_5d4c030536ed41cf4e0dcb77b2fe4553d789ee2b8095a4b3e050692335a8709d"
 score = 75
 quality = 70
@@ -116123,8 +116123,8 @@ rule CAPE_Zeuspanda : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/ZeusPanda.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/ZeusPanda.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_43d8a56cae9fd23c053f6956851734d3270b46a906236854502c136e3bb1e761"
 score = 75
 quality = 70
@@ -116147,8 +116147,8 @@ rule CAPE_Nettraveler : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/NetTraveler.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/NetTraveler.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_bf5026f1a1cb3d6986a29d22657a9f1904b362391a6715d7468f8f8aca351233"
 score = 75
 quality = 70
@@ -116172,8 +116172,8 @@ rule CAPE_Buerloader : FILE
 date = "2022-05-31"
 modified = "2022-05-31"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/BuerLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/BuerLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_05c1f008f0a2bb8232867977fb23a5ae8312f10f0637c6265561052596319c29"
 score = 75
 quality = 70
@@ -116197,8 +116197,8 @@ rule CAPE_Petya : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Petya.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Petya.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_f819261bb34f3b2eb7dc2f843b56be25105570fe902a77940a632a54fbe0d014"
 score = 75
 quality = 70
@@ -116222,8 +116222,8 @@ rule CAPE_Oyster
 date = "2024-05-30"
 modified = "2024-05-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Oyster.yar#L1-L19"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Oyster.yar#L1-L19"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "8bae0fa9f589cd434a689eebd7a1fde949cc09e6a65e1b56bb620998246a1650"
 logic_hash = "v1_sha256_23ab1518712dbce8319b87785d7ffc0c2b61de82c2bbf533ebf0aae39ec33540"
 score = 75
@@ -116253,8 +116253,8 @@ rule CAPE_Zerot : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/ZeroT.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/ZeroT.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_f60ae25ac3cd741b8bdc5100b5d3c474b5d9fbe8be88bfd184994bae106c3803"
 score = 75
 quality = 68
@@ -116280,8 +116280,8 @@ rule CAPE_Quasarrat : FILE
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/QuasarRAT.yar#L1-L22"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/QuasarRAT.yar#L1-L22"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_556b19dc0980761198ea31a285f281adae084463d24bff1eda15326436ad562b"
 score = 75
 quality = 70
@@ -116315,8 +116315,8 @@ rule CAPE_Quasarrat_Kingrat
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/QuasarRAT.yar#L24-L43"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/QuasarRAT.yar#L24-L43"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_1f4296a592134edbe52e256dc353143af02e897ff1afad98f3dac0c5ab13f3f7"
 score = 75
 quality = 70
@@ -116348,8 +116348,8 @@ rule CAPE_Ursnif : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Ursnif.yar#L1-L19"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Ursnif.yar#L1-L19"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_46e79fde81ff5352314618021e394b2e0322df07170c7279363290b7134935fd"
 score = 75
 quality = 70
@@ -116378,8 +116378,8 @@ rule CAPE_Tscookie : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/TSCookie.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/TSCookie.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_0461c7fd14c74646437654f0a63a4a89d4efad620e197a8ca1e8d390618842c3"
 score = 75
 quality = 70
@@ -116403,8 +116403,8 @@ rule CAPE_Dridexv4 : FILE
 date = "2022-05-31"
 modified = "2022-05-31"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/DridexV4.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/DridexV4.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_cb103fe5f2d4792e3c612db4e2d84a4c8b0ce0f9a8443e9147e2c345f1dbdff6"
 score = 75
 quality = 70
@@ -116430,8 +116430,8 @@ rule CAPE_Seduploader : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Seduploader.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Seduploader.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_d70c886699169d4dafc5b063c93682a34af5667df6d293b52256ddc19ab9c516"
 score = 75
 quality = 70
@@ -116453,8 +116453,8 @@ rule CAPE_Wanacry : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/WanaCry.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/WanaCry.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_16d5e39f043d27bbf22f8f21e13971b7e0709b07e44746dd157d11ee4cc51944"
 score = 75
 quality = 70
@@ -116480,8 +116480,8 @@ rule CAPE_Bazar : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Bazar.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Bazar.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_9375f59b56e47fd0b90b089afdf3be8f16f960038fc625523a2e2d5509ab099d"
 score = 75
 quality = 70
@@ -116504,8 +116504,8 @@ rule CAPE_Remcos : FILE
 date = "2022-05-10"
 modified = "2022-05-10"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Remcos.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Remcos.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_38142e784ad437d9592353b924f74777bb62e5ed176c811230a2021a437d4710"
 score = 75
 quality = 68
@@ -116530,8 +116530,8 @@ rule CAPE_Cerber : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Cerber.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Cerber.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_16a8f808c28d3b142c079a305aba7f553f2452e439710bf610a06f8f2924d5a3"
 score = 75
 quality = 70
@@ -116555,8 +116555,8 @@ rule CAPE_Nighthawk
 date = "2022-12-05"
 modified = "2022-12-05"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Nighthawk.yar#L3-L24"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Nighthawk.yar#L3-L24"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_2d77912678e06503ffef0e8ed84aa4f9ac74357480d57742fbae619acebfb5f2"
 score = 75
 quality = 70
@@ -116580,8 +116580,8 @@ rule CAPE_Qakbot5 : FILE
 date = "2024-04-28"
 modified = "2024-04-28"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/QakBot.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/QakBot.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "59559e97962e40a15adb2237c4d01cfead03623aff1725616caeaa5a8d273a35"
 logic_hash = "v1_sha256_cc23a92f45619d44af824128b743c259dd9dfa7cb5106932f3425f3dfd1dccdf"
 score = 75
@@ -116607,8 +116607,8 @@ rule CAPE_Qakbot4 : FILE
 date = "2024-04-28"
 modified = "2024-04-28"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/QakBot.yar#L17-L35"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/QakBot.yar#L17-L35"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_b2870e33abffbb3ff49b7891b0f5c538ab48ee63da5553929d4e37dec921344f"
 score = 75
 quality = 70
@@ -116638,8 +116638,8 @@ rule CAPE_Rozena
 date = "2024-03-15"
 modified = "2024-03-15"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Rozena.yar#L1-L10"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Rozena.yar#L1-L10"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_c415a8108b58a125a604031bb8d73b58a8aae5429b5b765e35fa8a4add9cd135"
 score = 75
 quality = 70
@@ -116662,8 +116662,8 @@ rule CAPE_Zloader : FILE
 date = "2024-05-06"
 modified = "2024-05-06"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Zloader.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Zloader.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa"
 logic_hash = "v1_sha256_a94efd87c69146cf5771341974e5abe789445d67dde3e045e1b87d3131539ff9"
 score = 75
@@ -116692,8 +116692,8 @@ rule CAPE_Doomedloader : FILE
 date = "2024-05-09"
 modified = "2024-05-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/DoomedLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/DoomedLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_54a5962ef49ebf987908c4ea1559788f7c96a7e4ea61d2973636e998a0239c77"
 score = 75
 quality = 70
@@ -116717,8 +116717,8 @@ rule CAPE_Icedid
 date = "2021-12-16"
 modified = "2021-12-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/IcedID.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/IcedID.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_e60ccbab7a360020744eba65961156ca3e2ae9cf23671014f913d71c1a96a331"
 score = 75
 quality = 45
@@ -116747,8 +116747,8 @@ rule CAPE_Gandcrab : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Gandcrab.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Gandcrab.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_354ed566dbafbe8e9531bb771d9846952eb8c0e70ee94c26d09368159ce4142c"
 score = 75
 quality = 70
@@ -116773,8 +116773,8 @@ rule CAPE_Rcsession
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/RCSession.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/RCSession.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_ebd1e9e615a91c35b36332cad55519607323469df738cec4464288b45787630d"
 score = 75
 quality = 70
@@ -116797,8 +116797,8 @@ rule CAPE_Ursnifv3 : FILE
 date = "2023-03-23"
 modified = "2023-03-23"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/UrsnifV3.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/UrsnifV3.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_501cd52388aba16f9d33b4555f310e1ad58326916b15358a485c701acb87abd8"
 score = 75
 quality = 70
@@ -116827,8 +116827,8 @@ rule CAPE_Formbook
 date = "2023-10-13"
 modified = "2023-10-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Formbook.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Formbook.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_63ee4dd6fe5ed2a3e5ee88ba7de48d2c9e0024961a550d0fdb68891c9885e05e"
 score = 75
 quality = 70
@@ -116857,8 +116857,8 @@ rule CAPE_Hermes : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Hermes.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Hermes.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_9bc974173f39a57e7adfbf8ae106a20d960557696b4c3ce16e9b4e47d3e9e95b"
 score = 75
 quality = 70
@@ -116882,8 +116882,8 @@ rule CAPE_Dcrat : FILE
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/DCRat.yar#L1-L66"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/DCRat.yar#L1-L66"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_5a02dcc2b9c7eb3efdba39047e37886240b45fb7e2db3b82aa5b4b9526dfb7f8"
 score = 75
 quality = 45
@@ -116956,8 +116956,8 @@ rule CAPE_Dcrat_Kingrat
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/DCRat.yar#L68-L87"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/DCRat.yar#L68-L87"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_73ac27c3f0fc71d053e89690b5a7d29c1f8b0ea0a22e8595148a9001799fae54"
 score = 75
 quality = 62
@@ -116989,8 +116989,8 @@ rule CAPE_Kpot : FILE
 date = "2020-10-19"
 modified = "2020-10-19"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Kpot.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Kpot.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_75abaab9a10e8ac8808425c389238285ab9bd9cb76f0cd03cc1e35b3ea0a1b0f"
 score = 75
 quality = 70
@@ -117014,8 +117014,8 @@ rule CAPE_Emotetloader : FILE
 date = "2022-05-31"
 modified = "2022-05-31"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/EmotetLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/EmotetLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_410872d25ed3a89a2cba108f952d606cd1c3bf9ccc89ae6ab3377b83665c2773"
 score = 75
 quality = 70
@@ -117037,8 +117037,8 @@ rule CAPE_Gootkit : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Gootkit.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Gootkit.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_26704b6b0adca51933fc9d5e097930320768fd0e9355dcefc725aee7775316e7"
 score = 75
 quality = 70
@@ -117060,8 +117060,8 @@ rule CAPE_Kovter : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Kovter.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Kovter.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_888fccb8fbfbe6c05ec63bc5658b4743f8e10a96ef51b3868c2ff94afec76f2d"
 score = 75
 quality = 70
@@ -117086,8 +117086,8 @@ rule CAPE_Pikabotloader : FILE
 date = "2024-03-13"
 modified = "2024-03-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/PikaBot.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/PikaBot.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_7e5f1f2911545ee6bd36b54f2627fbdec1b957f4b91df901dd1c6cbd4dff0231"
 score = 75
 quality = 70
@@ -117111,8 +117111,8 @@ rule CAPE_Pikabot : FILE
 date = "2024-03-13"
 modified = "2024-03-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/PikaBot.yar#L15-L28"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/PikaBot.yar#L15-L28"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_ed07217c373831a9a67d914854154988696e6fcea70dedabf333385f0e7bb8b7"
 score = 75
 quality = 70
@@ -117137,8 +117137,8 @@ rule CAPE_Pik23 : FILE
 date = "2024-03-13"
 modified = "2024-03-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/PikaBot.yar#L30-L44"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/PikaBot.yar#L30-L44"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1"
 logic_hash = "v1_sha256_71a71df2f2a075294941c54eed06cafaaa4d3294e45b3a0098c1cffddd0438bc"
 score = 75
@@ -117164,8 +117164,8 @@ rule CAPE_Hancitor : FILE
 date = "2020-10-20"
 modified = "2020-10-20"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Hancitor.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Hancitor.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_84003542a2f587b5fbd43731c4240759806f8ee46df2bd96aae4a3c09d97e41c"
 score = 75
 quality = 70
@@ -117190,8 +117190,8 @@ rule CAPE_Bruteratel
 date = "2024-07-11"
 modified = "2024-07-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/BruteRatel.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/BruteRatel.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_0984977c716d6f8e068c045166eb5db77c9fbce27513e555dceca348375f1a66"
 score = 75
 quality = 70
@@ -117216,8 +117216,8 @@ rule CAPE_Lokibot : FILE
 date = "2022-02-01"
 modified = "2022-02-01"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/LokiBot.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/LokiBot.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_a5b3d518371138740e913d2d6ce4fa22d3da5cea7e034c7d6b4b502e6bf44b06"
 score = 75
 quality = 70
@@ -117240,8 +117240,8 @@ rule CAPE_Tclient : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/TClient.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/TClient.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_6edcd01e4722b367723ed77d9596877d16ee35dc4c160885d125f83e45cee24d"
 score = 75
 quality = 70
@@ -117263,8 +117263,8 @@ rule CAPE_Rhadamanthys
 date = "2023-09-18"
 modified = "2023-09-18"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Rhadamanthys.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Rhadamanthys.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_f71bee3ef1dd7b16a55397645d16c0a20d1fdd3bf662f241c0b11796629b11ff"
 score = 75
 quality = 70
@@ -117289,8 +117289,8 @@ rule CAPE_Mole : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Mole.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Mole.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_8be4d190d554a610360c0e04b33da59eb00319395e5b2000d580546ce6503786"
 score = 75
 quality = 70
@@ -117314,8 +117314,8 @@ rule CAPE_Magniber : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Magniber.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Magniber.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_1875754bdf98c1886f31f6c6e29992a98180f74d8fa168ae391e2c660d760618"
 score = 75
 quality = 70
@@ -117337,8 +117337,8 @@ rule CAPE_Nanolocker : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/NanoLocker.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/NanoLocker.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_fe6c8a4e259c3c526f8f50771251f6762b2b92a4df2e8bfc705f282489f757db"
 score = 75
 quality = 70
@@ -117362,8 +117362,8 @@ rule CAPE_Squirrelwaffle : FILE
 date = "2021-10-13"
 modified = "2021-10-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/SquirrelWaffle.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/SquirrelWaffle.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_5f799333398421d537ec7a87ca94f6cc9cf1e53e55b353036a5132440990e500"
 score = 75
 quality = 70
@@ -117386,8 +117386,8 @@ rule CAPE_Doppelpaymer : FILE
 date = "2022-06-27"
 modified = "2022-06-27"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/DoppelPaymer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/DoppelPaymer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_73a2575671bafc31a70af3ce072d6f94ae172b12202baebba586a02524cb6f9d"
 score = 75
 quality = 70
@@ -117410,8 +117410,8 @@ rule CAPE_Ramnit : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Ramnit.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Ramnit.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_6f661f47bdf8377b0fb96f190fcb964c0ed2b43ce7ae7880f9dfce9e43837efd"
 score = 75
 quality = 70
@@ -117435,8 +117435,8 @@ rule CAPE_Agent_Tesla
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/AgentTesla.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/AgentTesla.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_3945754129dcc58e0abfd7485f5ff0c0afdd1078ae2cf164ca8f59a6f79db1be"
 score = 75
 quality = 70
@@ -117462,8 +117462,8 @@ rule CAPE_Agenttesla : FILE
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/AgentTesla.yar#L19-L41"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/AgentTesla.yar#L19-L41"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_1bf9b26c4cf87e674ddffabe40aba5a45499c6a04d4ff3e43c3cda4cbcb4d188"
 score = 75
 quality = 70
@@ -117495,8 +117495,8 @@ rule CAPE_Agentteslav2 : FILE
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/AgentTesla.yar#L43-L67"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/AgentTesla.yar#L43-L67"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_b45296b3b94fa1ff32de48c94329a17402461fb6696e9390565c4dba9738ed78"
 score = 75
 quality = 70
@@ -117532,8 +117532,8 @@ rule CAPE_Agentteslav3 : FILE
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/AgentTesla.yar#L69-L111"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/AgentTesla.yar#L69-L111"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_26c4fa0ce8de6982eb599f3872e8ab2a6e83da4741db7f3500c94e0a8fe5d459"
 score = 75
 quality = 68
@@ -117586,8 +117586,8 @@ rule CAPE_Agentteslaxor : FILE
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/AgentTesla.yar#L113-L123"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/AgentTesla.yar#L113-L123"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_54581e83e5fa13fae4bda74016b3fa1d18c92e2659f493ebe54d70fd5f77bba5"
 score = 75
 quality = 20
@@ -117609,8 +117609,8 @@ rule CAPE_Agentteslav4 : FILE
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/AgentTesla.yar#L125-L138"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/AgentTesla.yar#L125-L138"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_0a39036f408728ab312a54ff3354453d171424f57f9a8f3b42af867be3037ca9"
 score = 75
 quality = 70
@@ -117635,8 +117635,8 @@ rule CAPE_Agentteslav4Jit
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/AgentTesla.yar#L140-L153"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/AgentTesla.yar#L140-L153"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_8f7144d2a989ce8d291af926b292f5f0f7772e707b0e49797eba13ecf91b90bc"
 score = 75
 quality = 70
@@ -117661,8 +117661,8 @@ rule CAPE_Asyncrat : FILE
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/AsyncRAT.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/AsyncRAT.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_8f960131bb86e1c09127324bd5877364ab25e0cb37f5f9755230c7fed9094de3"
 score = 75
 quality = 66
@@ -117690,8 +117690,8 @@ rule CAPE_Asyncrat_Kingrat
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/AsyncRAT.yar#L19-L40"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/AsyncRAT.yar#L19-L40"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_2699ef93ae10b205b79025098afc1d1cfe7dbdf192f4d98a6e34a8f3de154810"
 score = 75
 quality = 62
@@ -117724,8 +117724,8 @@ rule CAPE_Locky : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Locky.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Locky.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_9786c54a2644d9581fefe64be11b26e22806398e54e961fa4f19d26eae039cd7"
 score = 75
 quality = 70
@@ -117749,8 +117749,8 @@ rule CAPE_Cryptoshield : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Cryptoshield.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Cryptoshield.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_46064b4c69cb1af01330c5d194ef50728e0f0479e9fbf72828822935f8e37ac6"
 score = 75
 quality = 70
@@ -117774,8 +117774,8 @@ rule CAPE_Darkgate
 date = "2024-02-26"
 modified = "2024-02-26"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/DarkGate.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/DarkGate.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_25c0e77a83676c6a18445f8df0b1f7a9148de5f64eeb532f9a4f4d4652dd8191"
 score = 75
 quality = 70
@@ -117802,8 +117802,8 @@ rule CAPE_Carbanak : FILE
 date = "2024-03-18"
 modified = "2024-03-18"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Carbanak.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Carbanak.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "c9c1b06cb9c9bd6fc4451f5e2847a1f9524bb2870d7bb6f0ee09b9dd4e3e4c84"
 logic_hash = "v1_sha256_8ed5ab07f1635dc7cdf296e86a71a0a99d0b2faef8fc460f43d426b24b8c8367"
 score = 75
@@ -117828,8 +117828,8 @@ rule CAPE_Blister : FILE
 date = "2023-09-20"
 modified = "2023-09-20"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Blister.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Blister.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2"
 hash = "d3eab2a134e7bd3f2e8767a6285b38d19cd3df421e8af336a7852b74f194802c"
 logic_hash = "v1_sha256_f26d85fdf0eb07e67fe38c43c5f6d024bfb7b2a333cb3411f5cdcff6bf5db12d"
@@ -117857,8 +117857,8 @@ rule CAPE_Jaff : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Jaff.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Jaff.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_6806a5eeee04b7436ff694addc334bfc0f1ee611116904d57be9506acfd47418"
 score = 75
 quality = 70
@@ -117883,8 +117883,8 @@ rule CAPE_Ryuk : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Ryuk.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Ryuk.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_b4463993d8956e402b927a3dcfa2ca9693a959908187f720372f2d3a40e6db0c"
 score = 75
 quality = 70
@@ -117909,8 +117909,8 @@ rule CAPE_Smokeloader
 date = "2024-11-12"
 modified = "2024-11-12"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/SmokeLoader.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/SmokeLoader.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_779e2ac213e5ced7bc06e6208826b65cf8fc3113a69ede6408b84055542fa76d"
 score = 75
 quality = 70
@@ -117935,8 +117935,8 @@ rule CAPE_Xworm : FILE
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/XWorm.yar#L1-L27"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/XWorm.yar#L1-L27"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_5a86c2f0a188135e53d86c176806a208abbe3dd830bde364016859ffa5294bd7"
 score = 75
 quality = 68
@@ -117975,8 +117975,8 @@ rule CAPE_Xworm_Kingrat
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/XWorm.yar#L29-L46"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/XWorm.yar#L29-L46"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_3914be652bb7271e5e6b89d05edf10a54f8ddaf9e22d194b60501aa2cdd495d3"
 score = 75
 quality = 66
@@ -118007,8 +118007,8 @@ rule CAPE_Stealc : FILE
 date = "2024-09-10"
 modified = "2024-09-10"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Stealc.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Stealc.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d"
 logic_hash = "v1_sha256_a6165168b7c74761b91d1691465688c748227b830813067edb4e9bdc934271c4"
 score = 75
@@ -118032,8 +118032,8 @@ rule CAPE_Blackdropper
 date = "2024-10-22"
 modified = "2024-10-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/BlackDropper.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/BlackDropper.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "f8026ae3237bdd885e5fcaceb86bcab4087d8857e50ba472ca79ce44c12bc257"
 logic_hash = "v1_sha256_c7f7bc740d413b479ebe45611ddfc04f7e4f2978516b2882069b2569c7acdf28"
 score = 75
@@ -118061,8 +118061,8 @@ rule CAPE_Cobaltstrikestager
 date = "2023-01-18"
 modified = "2023-01-18"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_6a55b0c3ab5f557dfb7a3f8bd616ede1bd9b93198590fc9d52aa19c1154388c5"
 score = 75
 quality = 70
@@ -118087,8 +118087,8 @@ rule CAPE_Atlas : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Atlas.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Atlas.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_c3f73b29df5caf804dbfe3e6ac07a9e2c772bd2a126f0487e4a65e72bd501e6e"
 score = 75
 quality = 70
@@ -118112,8 +118112,8 @@ rule CAPE_Latrodectus
 date = "2024-09-03"
 modified = "2024-09-03"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Latrodectus.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Latrodectus.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "a547cff9991a713535e5c128a0711ca68acf9298cc2220c4ea0685d580f36811"
 logic_hash = "v1_sha256_2f98d570bf9a490eecd2807599b93023ccacab86f3b7674f0118bbebd4dd2776"
 score = 75
@@ -118140,8 +118140,8 @@ rule CAPE_Latrodectus_AES
 date = "2024-09-03"
 modified = "2024-09-03"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Latrodectus.yar#L18-L34"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Latrodectus.yar#L18-L34"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "5cecb26a3f33c24b92a0c8f6f5175da0664b21d7c4216a41694e4a4cad233ca8"
 logic_hash = "v1_sha256_1f00f6f187f15d39a30e15ffd14dae07707141999271ad4ac6a75ff4d93dd54d"
 score = 75
@@ -118169,8 +118169,8 @@ rule CAPE_Codoso : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Codoso.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Codoso.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_32c9ed2ac29e8905266977a9ee573a252442d96fb9ec97d88642180deceec3f8"
 score = 75
 quality = 70
@@ -118194,8 +118194,8 @@ rule CAPE_Xenorat
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/XenoRAT.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/XenoRAT.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_26f520fb69a52d05786fac0e9e38f5db9601da0a3e7768e00975a9684f3560ef"
 score = 75
 quality = 66
@@ -118222,8 +118222,8 @@ rule CAPE_Arkei : FILE
 date = "2020-02-11"
 modified = "2020-02-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Arkei.yar#L1-L24"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Arkei.yar#L1-L24"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_03980827db1c53d4090ab196ba820ca34b5d83dc7140b11ead9182cb5d28c7d3"
 score = 75
 quality = 70
@@ -118257,8 +118257,8 @@ rule CAPE_Scarab : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Scarab.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Scarab.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_0d8fa7ab4c8e5699f17f9e9444e85a42563a840a8e7ee9eda54add3a6845d1c6"
 score = 75
 quality = 70
@@ -118282,8 +118282,8 @@ rule CAPE_Azorult : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Azorult.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Azorult.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_4691cf48d513d1965416b0cce1b6e19c8f7b393a940afd68b7c6ca8c0d125d90"
 score = 75
 quality = 70
@@ -118306,8 +118306,8 @@ rule CAPE_Bumblebee : FILE
 date = "2024-10-29"
 modified = "2024-10-29"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/BumbleBee.yar#L35-L50"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/BumbleBee.yar#L35-L50"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_bc7c2ce9d3cd598c9510dc64d78048999f2f89ee5a84cd0d6046dbdfabe260ee"
 score = 75
 quality = 70
@@ -118334,8 +118334,8 @@ rule CAPE_Bumblebee2024
 date = "2024-10-29"
 modified = "2024-10-29"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/BumbleBee.yar#L52-L68"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/BumbleBee.yar#L52-L68"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_db58272c1ba74bc6e6a90bdacf7e8feec94be5da2b5123e0475ce86448f3edb2"
 score = 75
 quality = 70
@@ -118363,8 +118363,8 @@ rule CAPE_Nitrogenloader
 date = "2024-12-02"
 modified = "2024-12-02"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/NitrogenLoader.yar#L1-L23"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/NitrogenLoader.yar#L1-L23"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_24117d6e04bc964c17c08c9918502410890d7ccdc2e9971f2d01f6f0b41d3836"
 score = 75
 quality = 70
@@ -118398,8 +118398,8 @@ rule CAPE_Badrabbit : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/BadRabbit.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/BadRabbit.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_309e14ab4ea2f919358631f9d8b2aaff1f51e7708b6114e4e6bf4a9d9a5fc86c"
 score = 75
 quality = 70
@@ -118423,8 +118423,8 @@ rule CAPE_Dreambot : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Dreambot.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Dreambot.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_29c6d648d5d38667c5824c2d20a83a20448c2ae6054ddddb2b2b7f8bdb69f74b"
 score = 75
 quality = 70
@@ -118449,8 +118449,8 @@ rule CAPE_Fareit : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Fareit.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Fareit.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_ed35391ffc949219f380da3f22bc8397a7d5c742bd68e227c3becdebcab5cf83"
 score = 75
 quality = 70
@@ -118472,8 +118472,8 @@ rule CAPE_Masslogger : FILE
 date = "2020-11-24"
 modified = "2020-11-24"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/MassLogger.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/MassLogger.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_c8d82694810aafbdc6a35a661e7431e9536035e2f7fef90b9359064c4209b66c"
 score = 75
 quality = 70
@@ -118496,8 +118496,8 @@ rule CAPE_Lumma : FILE
 date = "2024-10-22"
 modified = "2024-10-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Lumma.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Lumma.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_44408ffa7870dbc1a8a31567dd743f46542da01ed8083e5413392920b9d1bafe"
 score = 75
 quality = 70
@@ -118523,8 +118523,8 @@ rule CAPE_Lockbit : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Lockbit.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Lockbit.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_80ab705c8246a0bd5b3de65146cf32b102f39bf9444bdf1d366b5a794c1229b9"
 score = 75
 quality = 70
@@ -118550,8 +118550,8 @@ rule CAPE_Aurorastealer : FILE
 date = "2022-12-14"
 modified = "2023-03-31"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/AuroraStealer.yar#L1-L74"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/AuroraStealer.yar#L1-L74"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_0d10e9268184f494a73d5b4ab0d9a478ad0c26d2ef13d5134f8c9769f028b8f5"
 score = 75
 quality = 45
@@ -118630,8 +118630,8 @@ rule CAPE_Koiloader
 date = "2024-10-25"
 modified = "2024-10-25"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/KoiLoader.yar#L1-L35"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/KoiLoader.yar#L1-L35"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "b462e3235c7578450b2b56a8aff875a3d99d22f6970a01db3ba98f7ecb6b01a0"
 logic_hash = "v1_sha256_264a536632f8f11c904b00c9d2e505b3263c733ad8fbc2ef19c25a5ad58cef90"
 score = 75
@@ -118675,8 +118675,8 @@ rule CAPE_Cargobayloader : FILE
 date = "2023-02-20"
 modified = "2023-02-20"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/CargoBayLoader.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/CargoBayLoader.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "75e975031371741498c5ba310882258c23b39310bd258239277708382bdbee9c"
 logic_hash = "v1_sha256_1d5c4ca79f97e1fac358189a8c6530be12506974fc2fb42f63b0b621536a45c9"
 score = 75
@@ -118700,8 +118700,8 @@ rule CAPE_Socks5Systemz : FILE
 date = "2024-05-22"
 modified = "2024-05-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Socks5Systemz.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Socks5Systemz.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_44b83b6d2ab39b4258ae0d97d00d02afdbb62a3973fd788584e4dea9db69cc1b"
 score = 75
 quality = 70
@@ -118730,8 +118730,8 @@ rule CAPE_Conti : FILE
 date = "2021-03-15"
 modified = "2021-03-15"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Conti.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Conti.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_c9842f93d012d0189b9c6f10ad558b37ae66226bbb619ad677f6906ccaf0e848"
 score = 75
 quality = 70
@@ -118755,8 +118755,8 @@ rule CAPE_Petrwrap : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/PetrWrap.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/PetrWrap.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_6dd1cf5639b63d0ab41b24080dad68d285f2e3969ad34fd724c83e7a0dd4b968"
 score = 75
 quality = 70
@@ -118781,8 +118781,8 @@ rule CAPE_Bitpaymer : FILE
 date = "2019-11-27"
 modified = "2019-11-27"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/BitPaymer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/BitPaymer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_6ae0dc9a36da13e483d8d653276b06f59ecc15c95c754c268dcc91b181677c4c"
 score = 75
 quality = 70
@@ -118805,8 +118805,8 @@ rule CAPE_Azer : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Azer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Azer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_48bd4a4e071f10d1911c4173a0cd39c69fed7a3b29eb92beffe709899f4cefa5"
 score = 75
 quality = 70
@@ -118830,8 +118830,8 @@ rule CAPE_Nemty : FILE
 date = "2020-04-03"
 modified = "2020-04-03"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/Nemty.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/Nemty.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_a05974b561c67b4f1e0812639b74831edcf65686a06c0d380f0b45739e342419"
 score = 75
 quality = 70
@@ -118855,8 +118855,8 @@ rule CAPE_Trickbot
 date = "2023-02-07"
 modified = "2023-02-07"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/TrickBot.yar#L1-L20"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/TrickBot.yar#L1-L20"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_47cc2070b43957601a72745329a9d14fb3fbfd4d2b31cacc35d4ac750dde31ea"
 score = 75
 quality = 70
@@ -118887,8 +118887,8 @@ rule CAPE_Trickbot_Permadll_UEFI_Module
 date = "2023-02-07"
 modified = "2023-02-07"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/TrickBot.yar#L22-L38"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/TrickBot.yar#L22-L38"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "491115422a6b94dc952982e6914adc39"
 logic_hash = "v1_sha256_564055f56fd19bed8900e6d451ba050b4e9013a9208a3bdc3d3d563567d225d2"
 score = 75
@@ -118916,8 +118916,8 @@ rule CAPE_Dridexloader : FILE
 date = "2021-03-10"
 modified = "2021-03-10"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/data/yara/CAPE/DridexLoader.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/data/yara/CAPE/DridexLoader.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_20696b1f14539c8ecf21bffc696596040c20b1ee2fcedc173945482c0baca588"
 score = 75
 quality = 70
@@ -118944,8 +118944,8 @@ rule CAPE_Singlestepantihook
 date = "2021-08-26"
 modified = "2021-08-26"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/SingleStepAntiHook.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/SingleStepAntiHook.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_fc9f36b0ecc13192fe8b6caaff256ac52c1f14480223d629a38ba84e90dd0809"
 score = 75
 quality = 70
@@ -118967,8 +118967,8 @@ rule CAPE_Heavenssyscall : FILE
 date = "2024-03-25"
 modified = "2024-03-25"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/HeavensSyscall.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/HeavensSyscall.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_aeb981fcba0936ff8b1be4c601445fd45e5d3b74856a9439d351edd57f5a50c3"
 score = 75
 quality = 70
@@ -118992,8 +118992,8 @@ rule CAPE_Gettickcountantivm
 date = "2022-02-25"
 modified = "2022-02-25"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/GetTickCountAntiVM.yar#L1-L20"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/GetTickCountAntiVM.yar#L1-L20"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "662bc7839ed7ddd82d5fdafa29fafd9a9ec299c28820fe4104fbba9be1a09c42"
 hash = "00f1537b13933762e1146e41f3bac668123fac7eacd0aa1f7be0aa37a91ef3ce"
 hash = "549bca48d0bac94b6a1e6eb36647cd007fed5c0e75a0e4aa315ceabdafe46541"
@@ -119024,8 +119024,8 @@ rule CAPE_Buerloader_1 : FILE
 date = "2021-03-13"
 modified = "2021-03-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/BuerLoader.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/BuerLoader.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_6f9f9b4c01251c0643c61701084cca2bdfeea08ca95f982355565cf05483d940"
 score = 75
 quality = 70
@@ -119047,8 +119047,8 @@ rule CAPE_Modiloader : FILE
 date = "2023-10-19"
 modified = "2023-10-19"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/ModiLoader.yar#L1-L39"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/ModiLoader.yar#L1-L39"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_fc006377e6d41515503b0b234ff87f59d930a7d9f8b32d2e072de79b9c52ddc4"
 score = 75
 quality = 66
@@ -119092,8 +119092,8 @@ rule CAPE_Risepro : FILE
 date = "2023-12-16"
 modified = "2023-12-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/RisePro.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/RisePro.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "1b69a1dd5961241b926605f0a015fa17149c3b2759fb077a30a22d4ddcc273f6"
 logic_hash = "v1_sha256_055ca8328923b91f93c116e4a856366356fa11155f4e9fde95da31129b51386a"
 score = 75
@@ -119118,8 +119118,8 @@ rule CAPE_Privateloader
 date = "2024-10-04"
 modified = "2024-10-04"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/PrivateLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/PrivateLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_204a86bb3743f19fed0fe55ff5ccd716661f7f315b5966a29e434ccb3e160526"
 score = 75
 quality = 70
@@ -119142,8 +119142,8 @@ rule CAPE_Qakbot5_1 : FILE
 date = "2024-02-16"
 modified = "2024-02-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/QakBot.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/QakBot.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_303ea2d8d1a7f0fd0ca5508dae2c1b83c03b1e3e975760f15d36d93bcc152767"
 score = 75
 quality = 70
@@ -119167,8 +119167,8 @@ rule CAPE_Qakbot4_1 : FILE
 date = "2024-02-16"
 modified = "2024-02-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/QakBot.yar#L15-L29"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/QakBot.yar#L15-L29"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_ad75b07b9b786f634fd46cbe6dc089d3f732673320e70714e8ab058f0392c9f5"
 score = 75
 quality = 70
@@ -119194,8 +119194,8 @@ rule CAPE_Qakbotloader : FILE
 date = "2024-02-16"
 modified = "2024-02-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/QakBot.yar#L31-L46"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/QakBot.yar#L31-L46"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a"
 logic_hash = "v1_sha256_00869c0a9bf62cde3f46ca915b0ef689557b09dc58d6de34609e3998abfa7e98"
 score = 75
@@ -119222,8 +119222,8 @@ rule CAPE_Qakbotantivm
 date = "2024-02-16"
 modified = "2024-02-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/QakBot.yar#L48-L59"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/QakBot.yar#L48-L59"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 hash = "e269497ce458b21c8427b3f6f6594a25d583490930af2d3395cb013b20d08ff7"
 logic_hash = "v1_sha256_20f1cd28f38945a3aa328e77e78525fb1ffc47ecf54d5a40c2f18264c3973989"
 score = 75
@@ -119246,8 +119246,8 @@ rule CAPE_Zloader_1 : FILE
 date = "2024-05-03"
 modified = "2024-05-03"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Zloader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Zloader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_319adca805083c7f5854fe840447cf961addbd748f1f25eb8ec8cdeed7af38aa"
 score = 75
 quality = 70
@@ -119270,8 +119270,8 @@ rule CAPE_Zloader_2024 : FILE date = "2024-05-03" modified = "2024-05-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Zloader.yar#L14-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Zloader.yar#L14-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_38d555ef5f613cf7ca043697c479100a7a22e7f043acf8b6a46f8009eb92fd7e" score = 75 quality = 70 @@ -119295,8 +119295,8 @@ rule CAPE_Guloaderprecursor : FILE date = "2023-10-02" modified = "2023-10-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Guloader.yar#L17-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Guloader.yar#L17-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_ea05c352739366a03da302074b01537382ba26f7fd5049004f156e47d284f070" score = 75 quality = 70 
@@ -119319,8 +119319,8 @@ rule CAPE_Rdtscpantivm date = "2021-12-11" modified = "2021-12-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/RdtscpAntiVM.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/RdtscpAntiVM.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_be0f9b52fb630730a38160f4ad2d50b6b4bea5edd82e3ea4d1e257cf7b090910" score = 75 quality = 70 @@ -119342,8 +119342,8 @@ rule CAPE_Icedidsyscallwritemem : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/IcedID.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/IcedID.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_6b068106b038e9efeb9057cadf314d400c1ada1a1cc70336d3272da3a212c993" score = 75 quality = 70 
@@ -119367,8 +119367,8 @@ rule CAPE_Icedidhook date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/IcedID.yar#L15-L25" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/IcedID.yar#L15-L25" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_fd62e0ed6f2a18472fa9336daee0e8a3a55e21779a8385394e85f96da928e24f" score = 75 quality = 70 @@ -119390,8 +119390,8 @@ rule CAPE_Icedidpackera : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/IcedID.yar#L27-L40" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/IcedID.yar#L27-L40" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" hash = "fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe" logic_hash = "v1_sha256_aa0681e7794546355e6d61f739c49035a493cdfca7e666531d74e3835ec44408" score = 75 
@@ -119416,8 +119416,8 @@ rule CAPE_Icedidpackerb : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/IcedID.yar#L42-L56" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/IcedID.yar#L42-L56" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" hash = "6517ef2c579002ec62ddeb01a3175917c75d79ceca355c415a4462922c715cb6" logic_hash = "v1_sha256_fde1e2c0124d180b2fa3d0675b35e8d78fdd7b06cd27e9228c148aa29ce30ee7" score = 75 @@ -119442,8 +119442,8 @@ rule CAPE_Icedidpackerc : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/IcedID.yar#L58-L71" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/IcedID.yar#L58-L71" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" hash = "c06805b6efd482c1a671ec60c1469e47772c8937ec0496f74e987276fa9020a5" hash = "265c1857ac7c20432f36e3967511f1be0b84b1c52e4867889e367c0b5828a844" logic_hash = "v1_sha256_f1e75e380ab0947fdfda012b7a5077a1c2ef51163239846ab2dc29cac95ba166" 
@@ -119468,8 +119468,8 @@ rule CAPE_Icedidpackerd : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/IcedID.yar#L73-L86" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/IcedID.yar#L73-L86" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" hash = "7b226f8cc05fa7d846c52eb0ec386ab37f9bae04372372509daa6bacc9f885d8" logic_hash = "v1_sha256_6685e0246f5a11ce0ca33447837de06506b447a5f8591423e2b76f2ab0274dc7" score = 75 @@ -119494,8 +119494,8 @@ rule CAPE_Icedsleep : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/IcedID.yar#L88-L99" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/IcedID.yar#L88-L99" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_0b1a8be95b1b8a3b066837f9e47561ee8202d741b39d64e626c0461c2fbf7c70" score = 75 quality = 70 
@@ -119518,8 +119518,8 @@ rule CAPE_Ursnifv3_1 date = "2023-03-23" modified = "2023-03-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/UrsnifV3.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/UrsnifV3.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_d679546e37ee58087fce75920b2ce4e6d2b9ae55fb1ef80d14ec14309396757c" score = 75 quality = 70 @@ -119546,8 +119546,8 @@ rule CAPE_Formhooka date = "2024-10-11" modified = "2024-10-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Formbook.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Formbook.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_21b8101a7039cfad0e9d49cc1f055bc23a2eb4c973dcda2a81a007e452d77a6d" score = 75 quality = 70 
@@ -119572,8 +119572,8 @@ rule CAPE_Formhookb date = "2024-10-11" modified = "2024-10-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Formbook.yar#L16-L29" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Formbook.yar#L16-L29" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_b8b677ca239c6c5faf44f7a46c1e3e231f5708fb13aac724fd3ac9f865b965d8" score = 75 quality = 70 @@ -119598,8 +119598,8 @@ rule CAPE_Formconfa date = "2024-10-11" modified = "2024-10-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Formbook.yar#L31-L43" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Formbook.yar#L31-L43" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_b0aa4cec55a21245d8104380c531dd6cc0fdef64fbefd79616eadfb4e95b2d75" score = 75 quality = 70 
@@ -119623,8 +119623,8 @@ rule CAPE_Formhelper date = "2024-10-11" modified = "2024-10-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Formbook.yar#L45-L57" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Formbook.yar#L45-L57" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_77cdfc94aac089c4f2590f4afbab35351fc6e104e67813548c68c59d27019a63" score = 75 quality = 70 @@ -119648,8 +119648,8 @@ rule CAPE_Formconfb date = "2024-10-11" modified = "2024-10-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Formbook.yar#L59-L73" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Formbook.yar#L59-L73" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_8a96ef5c6cebb51186acd099b795066e8e8b2c2adbed4dcc66b81228f70e5c4f" score = 75 quality = 70 
@@ -119675,8 +119675,8 @@ rule CAPE_Formconfc date = "2024-10-11" modified = "2024-10-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Formbook.yar#L75-L87" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Formbook.yar#L75-L87" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_f52bce00d2ec88682115a8720f0a182b7ef7fe7b9b9fc466bb8ddc1779341509" score = 75 quality = 70 @@ -119700,8 +119700,8 @@ rule CAPE_Emotetpacker : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/EmotetPacker.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/EmotetPacker.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" hash = "5a95d1d87ce69881b58a0e3aafc1929861e2633cdd960021d7b23e2a36409e0d" logic_hash = "v1_sha256_5f27d9d18884f7e0805f69960869b332c1577bf8be8ac103285e8bf98cda0ffd" score = 75 
@@ -119725,8 +119725,8 @@ rule CAPE_Mysterysnail date = "2021-10-16" modified = "2021-10-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/MysterySnail.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/MysterySnail.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_9402dbbbfdd286e2309ee83fc08194f70f73657a3a4e3785dfbcb564dbee86a8" score = 75 quality = 70 @@ -119748,8 +119748,8 @@ rule CAPE_Bruteratelsyscall date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/BruteRatel.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/BruteRatel.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_5ed054b3cd5d2659c250945d55d6adac90945963c34ad2af0f8d7436141e86b6" score = 75 quality = 70 
@@ -119772,8 +119772,8 @@ rule CAPE_Bruteratelpacker date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/BruteRatel.yar#L14-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/BruteRatel.yar#L14-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_2ccb17efe378d034df34d20d7580c58171d0fd11c18fef6c9a23f1ba238514e6" score = 75 quality = 70 @@ -119797,8 +119797,8 @@ rule CAPE_Bruterateldate date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/BruteRatel.yar#L28-L39" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/BruteRatel.yar#L28-L39" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_88589b2d08aea03565668ff1b9af20b6fe11cda50d867c60db7cb4d1826b0fd7" score = 75 quality = 70 
@@ -119821,8 +119821,8 @@ rule CAPE_Bruteratelconfig date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/BruteRatel.yar#L41-L51" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/BruteRatel.yar#L41-L51" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_b1815aafec940ab6c8daafc68ccf294845221ada260de5209dcb7e49ccd061c7" score = 75 quality = 70 @@ -119844,8 +119844,8 @@ rule CAPE_Darkgateloader date = "2023-10-02" modified = "2023-10-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/DarkGateLoader.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/DarkGateLoader.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_56069f38edb7d50b0d5680a847d85b1aabc97e432a37911ac9d28aee3b12f526" score = 75 quality = 68 
@@ -119871,8 +119871,8 @@ rule CAPE_Rhadamanthys_1 date = "2023-04-18" modified = "2023-04-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Rhadamanthys.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Rhadamanthys.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_3c8fbfe14f81e099fc900023d9c856e3f45b99af38889ed952b2ac67a636f51d" score = 75 quality = 70 @@ -119897,8 +119897,8 @@ rule CAPE_Agentteslav3Jit date = "2024-02-27" modified = "2024-02-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/AgentTesla.yar#L16-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/AgentTesla.yar#L16-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_62a49cf4295df637f96ba7c127cfc4aeb9af2fcced497fdf34d726a062edc1ec" score = 75 quality = 70 
@@ -119920,8 +119920,8 @@ rule CAPE_Blister_1 : FILE date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Blister.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Blister.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_aba379b93c85241cf250829832b2c8a5eaafb3abd0ff955dbaf0d06489c00deb" score = 75 quality = 70 @@ -119949,8 +119949,8 @@ rule CAPE_Pikahook : FILE date = "2024-03-12" modified = "2024-03-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Pikabot.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Pikabot.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_2a50a5f2d905122a5b7ac8ca3666b47caa24d325e246841129e53807daf2a1dd" score = 75 quality = 70 
@@ -119975,8 +119975,8 @@ rule CAPE_Pikexport : FILE date = "2024-03-12" modified = "2024-03-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Pikabot.yar#L16-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Pikabot.yar#L16-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" hash = "238dcc5611ed9066b63d2d0109c9b623f54f8d7b61d5f9de59694cfc60a4e646" logic_hash = "v1_sha256_33f58703a0e40c2361343dbdcc17111aafbf5cc912393edda79005c6ec566f42" score = 75 @@ -120000,8 +120000,8 @@ rule CAPE_Vbcrypter date = "2021-03-28" modified = "2021-03-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/VBCrypter.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/VBCrypter.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_a62bca62ab624ab1a2c2e612c5b7e6d543006026a49c07c46800499e31e41c4e" score = 75 quality = 70 
@@ -120023,8 +120023,8 @@ rule CAPE_Smokeloader_1 : FILE date = "2023-02-06" modified = "2023-02-06" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/SmokeLoader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/SmokeLoader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_4b15162f4b754cdd6a9124f29f0fd979085734063a0b17f2a97a9750f29e2e0b" score = 75 quality = 70 @@ -120046,8 +120046,8 @@ rule CAPE_Xworm_1 date = "2023-11-07" modified = "2023-11-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/XWorm.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/XWorm.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_d8e103f3470e83d71cd4992b74698c0721b8a69d764fdb7a4543997b2853014a" score = 75 quality = 70 
@@ -120069,8 +120069,8 @@ rule CAPE_Stealcanti : FILE date = "2024-01-19" modified = "2024-01-19" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Stealc.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Stealc.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d" logic_hash = "v1_sha256_4132e8094b0b49a89e9f40a8b1a6abbf105bbb04e4ddf3ce739e39fc2baf0d13" score = 75 @@ -120094,8 +120094,8 @@ rule CAPE_Stealcstrings : FILE date = "2024-01-19" modified = "2024-01-19" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Stealc.yar#L15-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Stealc.yar#L15-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_6d402446a979c00b6257ace9924db381d98c530b22968bd2776c66d58c7faefc" score = 75 quality = 70 
@@ -120118,8 +120118,8 @@ rule CAPE_Latrodectus_1 : FILE date = "2024-02-26" modified = "2024-02-26" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Latrodectus.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Latrodectus.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" hash = "378d220bc863a527c2bca204daba36f10358e058df49ef088f8b1045604d9d05" logic_hash = "v1_sha256_c2c9f23e287253d766425c05eb774f6e07bdcbabc259e04b723a1a87c8b91fbd" score = 75 @@ -120142,8 +120142,8 @@ rule CAPE_Anticuckoo : FILE date = "2023-03-17" modified = "2023-03-17" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/AntiCuckoo.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/AntiCuckoo.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" hash = "ad5e52f144bb4a1dae3090978c6ecb4c7732538c9b62a6cedd32eccee6094be5" logic_hash = "v1_sha256_a039aeca2dae44980e8bffafacfda90975e107001be50f11ac916b35ad43592e" score = 75 
@@ -120166,8 +120166,8 @@ rule CAPE_Bumblebeeshellcode_1 date = "2023-02-08" modified = "2023-02-08" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/BumbleBee.yar#L18-L32" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/BumbleBee.yar#L18-L32" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_865510868ee7c089c2ada0645098e851ca2bb9084a74315ce16296eb19c93ab4" score = 75 quality = 70 @@ -120193,8 +120193,8 @@ rule CAPE_Loadersyscall date = "2024-12-02" modified = "2024-12-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/NitrogenLoader.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/NitrogenLoader.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_3c7ffd8b95032cffecff7fa7e5f5f561cce13e1109f6a9b30bc743642b495e45" score = 75 quality = 70 
@@ -120218,8 +120218,8 @@ rule CAPE_Nitrogenloaderaes date = "2024-12-02" modified = "2024-12-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/NitrogenLoader.yar#L15-L27" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/NitrogenLoader.yar#L15-L27" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_de8ed0e98948cfadfd579e334fd9ce9f777ddbd988de897529ba71cb5eb2d396" score = 75 quality = 70 @@ -120243,8 +120243,8 @@ rule CAPE_Nitrogenloaderbypass date = "2024-12-02" modified = "2024-12-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/NitrogenLoader.yar#L29-L41" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/NitrogenLoader.yar#L29-L41" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_3a034d3ddd18723ea1f91814c8c2a2c47a749dfd1496a5d4777d8ff8bfab3457" score = 75 quality = 70 
@@ -120268,8 +120268,8 @@ rule CAPE_Nitrogenloaderconfig date = "2024-12-02" modified = "2024-12-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/NitrogenLoader.yar#L43-L54" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/NitrogenLoader.yar#L43-L54" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_a1f9e95b8039b16e3926b7288c036e81cf72b2dbb91ab9e69125f18d89fa1a03" score = 75 quality = 70 @@ -120292,8 +120292,8 @@ rule CAPE_Lumma_1 : FILE date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Lumma.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Lumma.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE" logic_hash = "v1_sha256_a8f9212b619796f91f14c4164e4d2f30c66b51118f22f3d6c310841b6707b7b0" score = 75 quality = 70 
@@ -120318,8 +120318,8 @@ rule CAPE_Lummaremap
 date = "2024-05-09"
 modified = "2024-05-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/Lumma.yar#L16-L27"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/Lumma.yar#L16-L27"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_51093379fbd041f75bdfe161bc9dfcc7d782c23ce16d625ca558bb58d8d57713"
 score = 75
 quality = 70
@@ -120342,8 +120342,8 @@ rule CAPE_Slowloader
 date = "2024-09-23"
 modified = "2024-09-23"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/SlowLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/SlowLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_f07528c646ebd980a5e843caa4a4715e31b22c3cd091576600e9fe45d7fc2fe4"
 score = 75
 quality = 70
@@ -120366,8 +120366,8 @@ rule CAPE_Dridexloader_1 : FILE
 date = "2021-03-09"
 modified = "2021-03-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/analyzer/windows/data/yara/DridexLoader.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/7aae5b71ad4a1bbb4912792a8a857b33e1ab3f43/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/analyzer/windows/data/yara/DridexLoader.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/47b0665f51d7b3c3938422b92476721282543807/LICENSE"
 logic_hash = "v1_sha256_00a3e4e80a2558ee52035f091e2339fa2dad6f6515b9dc099f2f3800e4c70bce"
 score = 75
 quality = 70
@@ -120384,7 +120384,7 @@ rule CAPE_Dridexloader_1 : FILE
 * YARA Rule Set
 * Repository Name: BinaryAlert
 * Repository: https://github.com/airbnb/binaryalert/
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: a9c0f06affc35e1f8e45bb77f835b92350c68a0b
 * Number of Rules: 78
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -122795,7 +122795,7 @@ rule BINARYALERT_Hacktool_Windows_Ncc_Wmicmd
 * YARA Rule Set
 * Repository Name: DeadBits
 * Repository: https://github.com/deadbits/yara-rules/
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: d002f7ecee23e09142a3ac3e79c84f71dda3f001
 * Number of Rules: 19
 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -123191,7 +123191,7 @@ rule DEADBITS_Acbackdoor_ELF : LINUX MALWARE BACKDOOR
 description = "No description has been set in the source file - DeadBits"
 author = "Adam M. Swanda"
 id = "a65f0bbd-0088-59ed-a8a0-8d287914ee05"
- date = "2019-11-15"
+ date = "2019-11-22"
 modified = "2019-12-04"
 reference = "https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/"
 source_url = "https://github.com/deadbits/yara-rules//blob/d002f7ecee23e09142a3ac3e79c84f71dda3f001/rules/ACBackdoor_Linux.yara#L1-L41"
@@ -123648,7 +123648,7 @@ rule DEADBITS_KPOT_V2 : WINMALWARE INFOSTEALER FILE
 * YARA Rule Set
 * Repository Name: DelivrTo
 * Repository: https://github.com/delivr-to/detections
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: 84158c63141cd22c128ff6f016329ffe67112f43
 * Number of Rules: 9
 * Skipped: 0 (age), 2 (quality), 0 (score), 0 (importance)
@@ -123875,7 +123875,7 @@ rule DELIVRTO_SUSP_HTML_WASM_Smuggling
 * YARA Rule Set
 * Repository Name: ESET
 * Repository: https://github.com/eset/malware-ioc
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: 9431ee8ccf63b1c014bfaa5f1a28dc747772d28d
 * Number of Rules: 103
 * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance)
@@ -125815,7 +125815,7 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Header_Decryption : FILE
 description = "Matches the function used to decrypt resources headers in TA410 FlowCloud"
 author = "ESET Research"
 id = "dad09e87-9e5b-59b7-8eed-b37c2b9e9b35"
- date = "2024-01-15"
+ date = "2024-01-22"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
 source_url = "https://github.com/eset/malware-ioc/blob/9431ee8ccf63b1c014bfaa5f1a28dc747772d28d/ta410/ta410.yar#L417-L496"
@@ -127602,7 +127602,7 @@ rule ESET_Sparklinggoblin_Mutex
 * YARA Rule Set
 * Repository Name: FireEye-RT
 * Repository: https://github.com/mandiant/red_team_tool_countermeasures/
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: 3561b71724dbfa3e2bb78106aaa2d7f8b892c43b
 * Number of Rules: 167
 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -132301,7 +132301,7 @@ rule FIREEYE_RT_Hunting_Gadgettojscript_1
 * YARA Rule Set
 * Repository Name: GCTI
 * Repository: https://github.com/chronicle/GCTI
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: 1c5fd42b1895098527fde00c2d9757edf6b303bb
 * Number of Rules: 90
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -135518,7 +135518,7 @@ rule GCTI_Sliver_Implant_32Bit
 * YARA Rule Set
 * Repository Name: Malpedia
 * Repository: https://github.com/malpedia/signator-rules/
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: 6558c417dcf07146b1309b6acde6be0aa96dea10
 * Number of Rules: 1469
 * Skipped: 0 (age), 15 (quality), 0 (score), 0 (importance)
@@ -196581,7 +196581,7 @@ rule MALPEDIA_Win_Coronavirus_Ransomware_Auto : FILE
 * YARA Rule Set
 * Repository Name: Trellix ARC
 * Repository: https://github.com/advanced-threat-research/Yara-Rules/
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: fc51a3fe3b450838614a5a5aa327c6bd8689cbb2
 * Number of Rules: 162
 * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance)
@@ -202468,7 +202468,7 @@ rule TRELLIX_ARC_Apt_Babar_Malware : BACKDOOR FILE
 * YARA Rule Set
 * Repository Name: Arkbird SOLG
 * Repository: https://github.com/StrangerealIntel/DailyIOC
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: a873ff1298c43705e9c67286f3014f4300dd04f7
 * Number of Rules: 215
 * Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance)
@@ -209590,7 +209590,7 @@ rule ARKBIRD_SOLG_MAL_Zstealer_Nov_2021_1 : FILE * YARA Rule Set * Repository Name: Telekom Security * Repository: https://github.com/telekom-security/malware_analysis/ - * Retrieval Date: 2024-12-15 + * Retrieval Date: 2024-12-22 * Git Commit: bf832d97e8fd292ec5e095e35bde992a6462e71c * Number of Rules: 12 * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance) @@ -209958,7 +209958,7 @@ rule TELEKOM_SECURITY_Win_Iceid_Core_202104 : FILE * YARA Rule Set * Repository Name: Volexity * Repository: https://github.com/volexity/threat-intel - * Retrieval Date: 2024-12-15 + * Retrieval Date: 2024-12-22 * Git Commit: b2dd39c31efbb1ed004fb25faaace7d5caf2f424 * Number of Rules: 88 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -213004,7 +213004,7 @@ rule VOLEXITY_Apt_Delivery_Web_Js_Jmask : EVILBAMBOO FILE * YARA Rule Set * Repository Name: JPCERTCC * Repository: https://github.com/JPCERTCC/MalConfScan/ - * Retrieval Date: 2024-12-15 + * Retrieval Date: 2024-12-22 * Git Commit: 19ec0d145535a6a4cfd37c0960114f455a8c343e * Number of Rules: 30 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) @@ -213848,7 +213848,7 @@ rule JPCERTCC_Elf_Wellmess : FILE * YARA Rule Set * Repository Name: SecuInfra * Repository: https://github.com/SIFalcon/Detection - * Retrieval Date: 2024-12-15 + * Retrieval Date: 2024-12-22 * Git Commit: 2d7c66d7d16c7541bf2a9a83a7a6d334364a26fd * Number of Rules: 45 * Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance) @@ -214271,9 +214271,9 @@ rule SECUINFRA_RANSOM_Esxiargs_Ransomware_Python_Feb23 condition: $python and $desc and 4 of ( $command* ) and $cmd and $OpenSLPPort and $listener } +import "math" import "pe" import "console" -import "math" rule SECUINFRA_RANSOM_Lockbit_Black_Packer : RANSOMWARE FILE { 
@@ -215152,7 +215152,7 @@ rule SECUINFRA_DROPPER_Asyncrat_VBS_February_2022_1 : FILE
 * YARA Rule Set
 * Repository Name: RussianPanda
 * Repository: https://github.com/RussianPanda95/Yara-Rules
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: 2b40630c067f4ba3a207fcf1951e07a9a01ba69a
 * Number of Rules: 75
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -217123,7 +217123,7 @@ rule RUSSIANPANDA_Win_Mal_Koi_Loader : FILE
 * YARA Rule Set
 * Repository Name: Check Point
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 4
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -217337,7 +217337,7 @@ rule CHECK_POINT_Malware_Bumblebee_Packed
 * YARA Rule Set
 * Repository Name: Dragon Threat Labs
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 7
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -217528,7 +217528,7 @@ rule DRAGON_THREAT_LABS_Apt_C16_Win64_Dropper : DROPPER FILE
 * YARA Rule Set
 * Repository Name: Microsoft
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 21
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -218132,7 +218132,7 @@ rule MICROSOFT_Devilstongue_Hijackdll : FILE
 * YARA Rule Set
 * Repository Name: NCSC
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 17
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -218603,7 +218603,7 @@ rule NCSC_Sparrowdoor_Sleep_Routine * YARA Rule Set * Repository Name: Dr4k0nia * Repository: https://github.com/dr4k0nia/yara-rules - * Retrieval Date: 2024-12-15 + * Retrieval Date: 2024-12-22 * Git Commit: 4b10f9b79a4cfb3ec9cb5675f32cc7ee6885fbd8 * Number of Rules: 5 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -218784,7 +218784,7 @@ rule DR4K0NIA_Msil_Suspicious_Use_Of_Strreverse : FILE * YARA Rule Set * Repository Name: EmbeeResearch * Repository: https://github.com/embee-research/Yara-detection-rules/ - * Retrieval Date: 2024-12-15 + * Retrieval Date: 2024-12-22 * Git Commit: ac56d6f6fd2a30c8cb6e5c0455d6519210a8b0f4 * Number of Rules: 39 * Skipped: 0 (age), 8 (quality), 0 (score), 0 (importance) @@ -219460,8 +219460,8 @@ rule EMBEERESEARCH_Win_Njrat_Bytecodes_V2_Oct_2023 condition: dotnet.is_dotnet and ( all of ( $s* ) ) } -import "pe" import "math" +import "pe" rule EMBEERESEARCH_Win_Pikabot_Resource_Entropy_Oct_2023 { @@ -219877,7 +219877,7 @@ rule EMBEERESEARCH_Win_Havoc_Djb2_Hashing_Routine_Oct_2022 : FILE * YARA Rule Set * Repository Name: AvastTI * Repository: https://github.com/avast/ioc - * Retrieval Date: 2024-12-15 + * Retrieval Date: 2024-12-22 * Git Commit: c696ec4bc17b1d41d5585d40ccf476f445b4a3de * Number of Rules: 33 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -220740,7 +220740,7 @@ rule AVASTTI_Cobaltstrike_Beacon_Xored_X64 * YARA Rule Set * Repository Name: SBousseaden * Repository: https://github.com/sbousseaden/YaraHunts/ - * Retrieval Date: 2024-12-15 + * Retrieval Date: 2024-12-22 * Git Commit: 71b27a2a7c57c2aa1877a11d8933167794e2b4fb * Number of Rules: 36 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) 
@@ -221817,7 +221817,7 @@ rule SBOUSSEADEN_Shad0W_Beacon_16June : FILE
 * YARA Rule Set
 * Repository Name: Elceef
 * Repository: https://github.com/elceef/yara-rulz
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: 05834717d1464d5efce8ad9d688ff7b53886a0bb
 * Number of Rules: 17
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -222317,7 +222317,7 @@ rule ELCEEF_ZIP_High_Ratio_Single_Doc : FILE
 * YARA Rule Set
 * Repository Name: Cod3nym
 * Repository: https://github.com/cod3nym/detection-rules/
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: ad485bff0ce30afb56e367b7f2b76fea81e78fc9
 * Number of Rules: 13
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -222759,7 +222759,7 @@ rule COD3NYM_SUSP_RLO_Exe_Extension_Spoofing_Jan24
 * YARA Rule Set
 * Repository Name: craiu
 * Repository: https://github.com/craiu/yararules
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: 23cf0ca22021fa3684e180a18416b9ae1b695243
 * Number of Rules: 13
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -223924,7 +223924,7 @@ rule CRAIU_Exploit_CVE_2024_6387 : CVE_2024_6387 FILE
 * YARA Rule Set
 * Repository Name: DitekSHen
 * Repository: https://github.com/ditekshen/detection
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: e76c93dcdedff04076380ffc60ea54e45b313635
 * Number of Rules: 1443
 * Skipped: 0 (age), 112 (quality), 0 (score), 0 (importance)
@@ -264368,7 +264368,7 @@ rule DITEKSHEN_INDICATOR_RTF_Remotetemplate : CVE_2017_11882 FILE
 * YARA Rule Set
 * Repository Name: WithSecureLabs
 * Repository: https://github.com/WithSecureLabs/iocs
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: 29adc4b6c2c2850f0f385aec77ab6fc0d7a8f20c
 * Number of Rules: 5
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -264623,7 +264623,7 @@ rule WITHSECURELABS_Kapeka_Backdoor : FILE
 * YARA Rule Set
 * Repository Name: HarfangLab
 * Repository: https://github.com/HarfangLab/iocs
- * Retrieval Date: 2024-12-15
+ * Retrieval Date: 2024-12-22
 * Git Commit: 8dd8e9296b110ce3fb13bc557a0295dff8c4c357
 * Number of Rules: 18
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -265316,8 +265316,8 @@ rule HARFANGLAB_Custom_Ateraagent_Operator : FILE
 * YARA Rule Set
 * Repository Name: LOLDrivers
 * Repository: https://github.com/magicsword-io/LOLDrivers/
- * Retrieval Date: 2024-12-15
- * Git Commit: c9f1c82aac6d9d4c2e472375af843110e0f9b663
+ * Retrieval Date: 2024-12-22
+ * Git Commit: 23108d3a3a01afb30b93e1fd32d8f0a750159f4c
 * Number of Rules: 529
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
 *
@@ -265536,8 +265536,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_34BE : FILE
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2-L29"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2-L29"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "34bee22c18ddbddbe115cf1ab55cabf0e482aba1eb2c343153577fb24b7226d3"
 hash = "5177a3b7393fb5855b2ec0a45d4c91660b958ee077e76e5a7d0669f2e04bcf02"
 hash = "368a9c2b6f12adbe2ba65181fb96f8b0d2241e4eae9f3ce3e20e50c3a3cc9aa1"
@@ -265574,8 +265574,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_0E85 : FILE
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L32-L60"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L32-L60"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "0e8595217f4457757bed0e3cdea25ea70429732b173bba999f02dc85c7e06d02"
 hash = "73c03b01d5d1eb03ec5cb5a443714b12fa095cc4b09ddc34671a92117ae4bb3a"
 hash = "b0f6cd34717d0cea5ab394b39a9de3a479ca472a071540a595117219d9a61a44"
@@ -265613,8 +265613,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Wisecleanercom_Wiseunlosys_Wiseunlo_786F : FILE
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L63-L86"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L63-L86"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "786f0ba14567a7e19192645ad4e40bee6df259abf2fbdfda35b6a38f8493d6cc"
 hash = "87aae726bf7104aac8c8f566ea98f2b51a2bfb6097b6fc8aa1f70adeb4681e1b"
 hash = "daf549a7080d384ba99d1b5bd2383dbb1aa640f7ea3a216df1f08981508155f5"
@@ -265647,8 +265647,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_A397 : FILE
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L89-L122"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L89-L122"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "a3975db1127c331ba541fffff0c607a15c45b47aa078e756b402422ef7e81c2c"
 hash = "6befa481e8cca8084d9ec3a1925782cd3c28ef7a3e4384e034d48deaabb96b63"
 hash = "f7e0cca8ad9ea1e34fa1a5e0533a746b2fa0988ba56b01542bc43841e463b686"
@@ -265691,8 +265691,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_D7E0 : FILE
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L125-L142"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L125-L142"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "d7e091e0d478c34232e8479b950c5513077b3a69309885cee4c61063e5f74ac0"
 logic_hash = "v1_sha256_229c98a4e55486cde122edd3a846c6cec6b242ee9e0269bf25e92d1e00e63d67"
 score = 40
@@ -265719,8 +265719,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_2298 : FILE
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L145-L170"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L145-L170"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "2298e838e3c015aedfb83ab18194a2503fe5764a862c294c8b39c550aab2f08e"
 hash = "2a6db9facf9e13d35c37dd468be04bae5f70c6127a9aee76daebddbdec95d486"
 hash = "69640e9209f8e2ac25416bd3119b5308894b6ce22b5c80cb5d5f98f2f85d42ce"
@@ -265755,8 +265755,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asrockincorporation_Asrdrvsys_Asrockiodriver_4D0
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L173-L202"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L173-L202"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "4d03a01257e156a3a018230059052791c3cde556e5cec7a4dd2f55f65c06e146"
 hash = "3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838"
 hash = "950a4c0c772021cee26011a92194f0e58d61588f77f2873aa0599dff52a160c9"
@@ -265795,8 +265795,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Getactechnologycorporation_Mtcbsvsys_Getacsystem
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L205-L224"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L205-L224"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "0abca92512fc98fe6c2e7d0a33935686fc3acbd0a4c68b51f4a70ece828c0664"
 logic_hash = "v1_sha256_5c46f095f8329b4dab225ff3b15eb102ecfa9f25f0f86f1d18ea3a6690e267b8"
 score = 40
@@ -265825,8 +265825,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_D7B7 : FILE
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L227-L249"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L227-L249"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "d7b743c3f98662c955c616e0d1bb0800c9602e5b6f2385336a72623037bfd6dd"
 hash = "567809308cfb72d59b89364a6475f34a912d03889aa50866803ac3d0bf2c3270"
 hash = "93d873cdf23d5edc622b74f9544cac7fe247d7a68e1e2a7bf2879fad97a3ae63"
@@ -265858,8 +265858,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Netfiltersys_Windowsrwind
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L252-L277"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L252-L277"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "9dbc2a37f53507296cc912e7d354dab4e55541ba821561aa84f74d1bd8346be2"
 hash = "65a3e69854c729659281d2c5f8a4c8274ad3606befdcd9e1b79d3262f260bfa1"
 hash = "71701c5c569ef67391c995a12b21ca06935b7799ed211d978f7877115c58dce0"
@@ -265894,8 +265894,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Lgdatacatchersys_Gameacc_
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L280-L301"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L280-L301"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "07fb2bb6c852f6a6fe982b2232f047e167be39738bac26806ffe0927ba873756"
 hash = "516159871730b18c2bddedb1a9da110577112d4835606ee79bb80e7a58784a13"
 hash = "45b07a2f387e047a6bb0e59b7f22fb56182d57b50e84e386a38c2dbb7e773837"
@@ -265926,8 +265926,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Innotekgmbh_Vboxguest_Virtualboxguestadditions_D
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L304-L323"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L304-L323"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "d53f9111a5e6c94b37e3f39c5860897405cb250dd11aa91c3814a98b1759c055"
 logic_hash = "v1_sha256_06994b6e75aefad03b1346e1bcaf68dca8464526bf182557257c4f5635bb93ce"
 score = 40
@@ -265956,8 +265956,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Eldoscorporation_Elrawdsksys_Rawdisk_4744 : FILE
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L326-L346"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L326-L346"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "4744df6ac02ff0a3f9ad0bf47b15854bbebb73c936dd02f7c79293a2828406f6"
 hash = "5a826b4fa10891cf63aae832fc645ce680a483b915c608ca26cedbb173b1b80a"
 logic_hash = "v1_sha256_01faeb5fe7618ce1135a8532c76357cfea1dfb0932e3d7c4cf9ff7d1c8c1d8fb"
@@ -265987,8 +265987,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Gigabytetechnologycoltd_Gdrvsys_Gigabytesoftware
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L349-L368"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L349-L368"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "81aafae4c4158d0b9a6431aff0410745a0f6a43fb20a9ab316ffeb8c2e2ccac0"
 logic_hash = "v1_sha256_8be18437fb165bab491d1d63b01d744f14df8594288bf0d447b76913de934aa9"
 score = 40
@@ -266017,8 +266017,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Amdryzenmasterdriversys_Amd
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L371-L390"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L371-L390"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "f6cd7353cb6e86e98d387473ed6340f9b44241867508e209e944f548b9db1d5f"
 logic_hash = "v1_sha256_1f489ec71f92390aeb4137ba72cb88a950ed91f8e67bb82cf176a8c2fb4ef50f"
 score = 40
@@ -266047,8 +266047,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L393-L412"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L393-L412"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "2594b3ef3675ca3a7b465b8ed4962e3251364bab13b12af00ebba7fa2211abb2"
 logic_hash = "v1_sha256_ef0e7b48aaee9dc6251120a879a192993d86043dbfd11e2be1f6e675aaa4d2e4"
 score = 40
@@ -266077,8 +266077,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_8473 : FILE
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L415-L437"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L415-L437"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "84739539aa6a9c9cb3c48c53f9399742883f17f24e081ebfa7bfaaf59f3ed451"
 hash = "6c7120e40fc850e4715058b233f5ad4527d1084a909114fd6a36b7b7573c4a44"
 hash = "e279e425d906ba77784fb5b2738913f5065a567d03abe4fd5571695d418c1c0f"
@@ -266110,8 +266110,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Highresolutionenterpriseswwwhighrezcouk_Inpoutsy
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L440-L463"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L440-L463"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "cfab93885e5129a86d13fd380d010cc8c204429973b776ab1b472d84a767930f"
 hash = "945ee05244316ff2f877718cf0625d4eb34e6ec472f403f958f2a700f9092507"
 hash = "7db320e49139f636c8b6d12b6c78b666a62599e9d59587ba87c6b89b0a34b18d"
@@ -266144,8 +266144,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_4CD8 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L466-L486" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L466-L486" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4cd80f4e33b713570f6a16b9f77679efa45a466737e41db45b41924e7d7caef4" hash = "00c02901472d74e8276743c847b8148be3799b0e3037c1dfdca21fa81ad4b922" hash = "66a20fc2658c70facd420f5437a73fa07a5175998e569255cfb16c2f14c5e796" @@ -266175,8 +266175,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Innotekgmbh_Vboxguest_Virtualboxguestadditions_9 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L489-L508" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L489-L508" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "983310cdce8397c016bfcfcc9c3a8abbb5c928b235bc3c3ae3a3cc10ef24dfbd" logic_hash = "v1_sha256_8d2323bd83c70339f41fc8f90c67729f57ee1e54dc4f7d05dfded438c7bc419a" score = 40 
@@ -266205,8 +266205,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Rweverything_Rwdrvsys_Rwdrvdriver_45BA : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L511-L537" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L511-L537" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "45ba688a4bded8a7e78a4f5b0dc21004e951ddceb014bb92f51a3301d2fbc56a" hash = "bdcacb9f373b017d0905845292bca2089feb0900ce80e78df1bcaae8328ce042" hash = "3279593db91bb7ad5b489a01808c645eafafda6cc9c39f50d10ccc30203f2ddf" 
@@ -266242,8 +266242,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Vmdrvsys_Windowsrwinddkdr date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L540-L561" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L540-L561" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5c0b429e5935814457934fa9c10ac7a88e19068fa1bd152879e4e9b89c103921" hash = "32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351" hash = "d884ca8cc4ef1826ca3ab03eb3c2d8f356ba25f2d20db0a7d9fc251c565be7f3" 
@@ -266274,8 +266274,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Amdryzenmasterdriversys_Amd date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L564-L584" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L564-L584" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433" hash = "7e81beae78e1ddbf6c150e15667e1f18783f9b0ab7fbe52c7ab63e754135948d" logic_hash = "v1_sha256_46c2abfe24d092b974e0916f7ccf53b71c12f3d438dff3e0ef9ffd1c253b0144" @@ -266305,8 +266305,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfoisys_Hwinfoiakerneldriver_33C6 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L587-L606" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L587-L606" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "33c6c622464f80a8d8017a03ff3aa196840da8bb03bfb5212b51612b5cf953dc" logic_hash = "v1_sha256_b9ec2a1a569f6972c9713a8e1512b0de974b4536bc92bd5466ee808d7574fada" score = 40 
@@ -266335,8 +266335,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevicesinc_Pdfwkrnlsys_Usbcpowerdel date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L609-L628" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L609-L628" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6945077a6846af3e4e2f6a2f533702f57e993c5b156b6965a552d6a5d63b7402" logic_hash = "v1_sha256_06b458c2f8c6eb5dadf2a05c69225fdc4cbd6bd48e4380fa224573139de6a466" score = 40 @@ -266365,8 +266365,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Fintekcorp_Fintekcorpfintekpcieuart_32BD : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L631-L651" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L631-L651" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "32bd0edb9daa60175b1dc054f30e28e8dbfa293a32e6c86bfd06bc046eaa2f9e" hash = "17942865680bd3d6e6633c90cc4bd692ae0951a8589dbe103c1e293b3067344d" hash = "b1920889466cd5054e3ab6433a618e76c6671c3e806af8b3084c77c0e7648cbe" 
@@ -266396,8 +266396,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_42B3 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L654-L674" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L654-L674" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "42b31b850894bf917372ff50fbe1aff3990331e8bd03840d75e29dcc1026c180" hash = "c0c52425dd90f36d110952c665e5b644bb1092f952942c07bb4da998c9ce6e5b" logic_hash = "v1_sha256_d9437369dd7a913176a1351f991216f3190b608f3a3182e891bdb7778835b815" @@ -266427,8 +266427,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L677-L696" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L677-L696" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5bd41a29cbba0d24e639f49d1f201b9bd119b11f5e3b8a5fefa3a5c6f1e7692c" logic_hash = "v1_sha256_69948e6d3cc375d78ba95a51c7a78e5a3f17e0ca07cf1e3e53d54f350d9ac0a9" score = 40 
@@ -266457,8 +266457,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Innotekgmbh_Vboxusbsys_Virtualboxusbdriver_C509 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L699-L718" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L699-L718" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c509935f3812ad9b363754216561e0a529fc2d5b8e86bfa7302b8d149b7d04aa" logic_hash = "v1_sha256_5bf3a4f5e3f674c4f32de55abd9d1981ad0b1fd48fb460905d017096b30ae10e" score = 40 @@ -266487,8 +266487,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Netfiltersys_F171 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L721-L740" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L721-L740" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f1718a005232d1261894b798a60c73d971416359b70d0e545d7e7a40ed742b71" logic_hash = "v1_sha256_2879360aef7b25e7d5ea9e4cbdce9f60a33ca4181ef35e18117e69832589cc73" score = 40 
@@ -266517,8 +266517,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_DD4F : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L743-L765" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L743-L765" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "dd4fedd5662122cbfe046a12e2137294ef1cb7822238d9e24eacc78f22f8e93d" hash = "904e0f7d485a98e8497d5ec6dd6e6e1cf0b8d8e067fb64a9e09790af3c8c9d5a" hash = "1c2f1e2b0cc4da128feb73a6b9dd040df8495fefe861d69c9f44778c6ddb9b9b" @@ -266550,8 +266550,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_7627 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L768-L787" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L768-L787" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "76276c87617b836dd6f31b73d2bb0e756d4b3d133bddfe169cb4225124ca6bfb" hash = "1e9c236ed39507661ec32731033c4a9b9c97a6221def69200e03685c08e0bfa7" logic_hash = "v1_sha256_eba1a04dc1de06122a8bad80399c4233b9c3101f4fcbc805ec7615010da76833" 
@@ -266580,8 +266580,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L790-L810" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L790-L810" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "16ae28284c09839900b99c0bdf6ce4ffcd7fe666cfd5cfb0d54a3ad9bea9aa9c" hash = "d54ac69c438ba77cde88c6efd6a423491996d4e8a235666644b1db954eb1da9c" logic_hash = "v1_sha256_4c4359af17cfc03947722c644064fa2e2bacc5adcbd66499bfba4aa483ac56f6" @@ -266611,8 +266611,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Computerz_Computerzsys_Computerzsystemdriver_61F date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L813-L832" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L813-L832" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "61f3b1c026d203ce94fab514e3d15090222c0eedc2a768cc2d073ec658671874" logic_hash = "v1_sha256_73d2e39a2e1d9810f5f0999a8f79a238a36305d36db731a3e84859e6d15bfdd8" score = 40 
@@ -266641,8 +266641,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L835-L864" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L835-L864" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "88e2e6a705d3fb71b966d9fb46dc5a4b015548daf585fb54dfcd81dc0bd3ebdc" hash = "f29073dc99cb52fa890aae80037b48a172138f112474a1aecddae21179c93478" hash = "89b9823ed974a5b71de8468324d45b7e9d6dc914f93615ba86c6209b25b3cbf7" 
@@ -266681,8 +266681,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Cpuzsys_Windowsrwinddkdri date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L867-L897" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L867-L897" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1f4d4db4abe26e765a33afb2501ac134d14cadeaa74ae8a0fae420e4ecf58e0c" hash = "c3e150eb7e7292f70299d3054ed429156a4c32b1f7466a706a2b99249022979e" hash = "922d23999a59ce0d84b479170fd265650bc7fae9e7d41bf550d8597f472a3832" @@ -266722,8 +266722,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Mitactechnologycorporation_Vdbsvsys_Mitacsystems date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L900-L919" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L900-L919" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "91afa3de4b70ee26a4be68587d58b154c7b32b50b504ff0dc0babc4eb56578f4" logic_hash = "v1_sha256_e93e2620e452d0d6d834057921ed0de35309098130b47e98da7c1e87b31b86ee" score = 40 
@@ -266752,8 +266752,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_00B3 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L922-L944" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L922-L944" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "00b3ff11585c2527b9e1c140fd57cb70b18fd0b775ec87e9646603056622a1fd" hash = "3140005ce5cac03985f71c29732859c88017df9d41c3761aa7c57bbcb7ad2928" hash = "18f306b6edcfacd33b7b244eaecdd0986ef342f0d381158844d1f0ee1ac5c8d7" @@ -266785,8 +266785,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_B50F : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L947-L969" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L947-L969" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "b50ffc60eaa4fb7429fdbb67c0aba0c7085f5129564d0a113fec231c5f8ff62e" hash = "dd2f1f7012fb1f4b2fb49be57af515cb462aa9c438e5756285d914d65da3745b" hash = "b37b3c6877b70289c0f43aeb71349f7344b06063996e6347c3c18d8c5de77f3b" 
@@ -266818,8 +266818,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Openlibsysorg_Winringsys_Winring_11BD : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L972-L992" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L972-L992" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5" hash = "a7b000abbcc344444a9b00cfade7aa22ab92ce0cadec196c30eb1851ae4fa062" logic_hash = "v1_sha256_e5777a3a1e71f287c18434a48c2990abd3e202c919378a9473541abe2b8f0ba5" @@ -266849,8 +266849,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowswinowsdriverkitsprovider_Hwrwdrvsys_Hardw date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L995-L1014" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L995-L1014" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "21ccdd306b5183c00ecfd0475b3152e7d94b921e858e59b68a03e925d1715f21" logic_hash = "v1_sha256_da6f9de9c0529ef274b989f63d9d6308ea78a0f7f91d81caaafb5478412c33eb" score = 40 
@@ -266879,8 +266879,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpot_Avastantivirus_AD8F : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1017-L1036" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1017-L1036" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ad8ffccfde782bc287241152cf24245a8bf21c2530d81c57e17631b3c4adb833" logic_hash = "v1_sha256_fba0440ab68b148f26224cce5d2b8bdb684a2d185502fb3b920fe12288e6d775" score = 40 @@ -266909,8 +266909,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_3124 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1039-L1058" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1039-L1058" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3124b0411b8077605db2a9b7909d8240e0d554496600e2706e531c93c931e1b5" logic_hash = "v1_sha256_4e22250223e272624f9608e7981ba91c1fb0e00eaf6d8388b81ad91fd8dbcc5c" score = 40 
@@ -266939,8 +266939,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1061-L1080" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1061-L1080" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ff55c1f308a5694eb66a3e9ba326266c826c5341c44958831a7a59a23ed5ecc8" logic_hash = "v1_sha256_298b509c736082f651b32be6ff3ba8b2044d48e8d1ac5c411449524750794d4f" score = 40 @@ -266969,8 +266969,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_A855 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1083-L1103" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1083-L1103" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a855b6ec385b3369c547a3c54e88a013dd028865aba0f3f08be84cdcbaa9a0f6" hash = "49ef680510e3dac6979a20629d10f06822c78f45b9a62ec209b71827a526be94" hash = "653f6a65e0e608cae217bea2f90f05d8125cf23f83ba01a60de0f5659cfa5d4d" 
@@ -267000,8 +267000,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_DB71 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1106-L1125" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1106-L1125" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "db711ec3f4c96b60e4ed674d60c20ff7212d80e34b7aa171ad626eaa8399e8c7" logic_hash = "v1_sha256_c62675b8ae01311a74bd0b0717219dde73badf621f2b6af1d5d6ff12317048f0" score = 40 @@ -267030,8 +267030,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Iobit_Monitorsys_Advancedsystemcare_E4A7 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1128-L1147" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1128-L1147" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e4a7da2cf59a4a21fc42b611df1d59cae75051925a7ddf42bf216cc1a026eadb" logic_hash = "v1_sha256_798dad45f7ac1267da440c3ca7aba1da1dbd2bdead9b6979379902e009bbd2a2" score = 40 
@@ -267060,8 +267060,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Iobit_Iobitunlockersys_Iobitunlocker_2B33 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1150-L1181" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1150-L1181" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2b33df9aff7cb99a782b252e8eb65ca49874a112986a1c49cd9971210597a8ae" hash = "faa9aa7118ecf9bb6594281f6b582f1ced0cc62d5db09a2fbf9b7ce70c532285" hash = "507724d96a54f3e45c16a065bf38ae82a9b80d07096a461068a701cae0c1cf29" @@ -267102,8 +267102,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Phoenixtechnologiesltd_Phlashnt_Winphlash_65DB : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1184-L1203" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1184-L1203" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "65db1b259e305a52042e07e111f4fa4af16542c8bacd33655f753ef642228890" logic_hash = "v1_sha256_52b33a82d9835242e397f693094494508a9a1e17ab7125ad6818130f4b2dc2de" score = 40 
@@ -267132,8 +267132,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Arthurliberman_Alsysiosys_Alsysio_7196 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1206-L1225" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1206-L1225" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7196187fb1ef8d108b380d37b2af8efdeb3ca1f6eefd37b5dc114c609147216d" logic_hash = "v1_sha256_c69a031ad9d7eff41358cd2ae9404c25c48ca747ac5fc9b806e48be2fe59aee8" score = 40 @@ -267162,8 +267162,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Aoddriversys_Amdoverdrivese date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1228-L1248" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1228-L1248" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f4dc11b7922bf2674ca9673638e7fe4e26aceb0ebdc528e6d10c8676e555d7b2" hash = "070ff602cccaaef9e2b094e03983fd7f1bf0c0326612eb76593eabbf1bda9103" logic_hash = "v1_sha256_6d49bcb5159d3be15ec42748089baff846ce661446a73d7986deb945e379a45f" 
@@ -267193,8 +267193,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrddkprovider_Rtportsys_Windowsrddkprovide date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1251-L1271" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1251-L1271" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8fe429c46fedbab8f06e5396056adabbb84a31efef7f9523eb745fc60144db65" hash = "71423a66165782efb4db7be6ce48ddb463d9f65fd0f266d333a6558791d158e5" logic_hash = "v1_sha256_c768c1592586c6a053f69d8f64c66ba213dc054113d98f3144610fdb5978a0f1" @@ -267224,8 +267224,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Anticheatexpertcom_Acebase_Anticheatexpert_7326 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1274-L1292" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1274-L1292" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7326aefff9ea3a32286b423a62baebe33b73251348666c1ee569afe62dd60e11" logic_hash = "v1_sha256_c309c294def3fb6601ab76b4b67bdda0d38db398a8a56b0ced0d4ce8cafc8602" score = 40 
@@ -267253,8 +267253,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Gigabytetechnologycoltd_Gdrvsys_Gigabytesoftware date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1295-L1314" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1295-L1314" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "133e542842656197c5d22429bd56d57aa33c9522897fdf29853a6d321033c743" logic_hash = "v1_sha256_8294e9a9d7bf9e4471d494ca78db936c69b2b2ee495207cde79aeabff9910463" score = 40 @@ -267283,8 +267283,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_1072 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1317-L1337" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1317-L1337" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1072beb3ff6b191b3df1a339e3a8c87a8dc5eae727f2b993ea51b448e837636a" hash = "e8eb1c821dbf56bde05c0c49f6d560021628df89c29192058ce68907e7048994" logic_hash = "v1_sha256_99645f9bf3c3ba88788ad609ee067cdda808effac07990db725b9be5fca32658" 
@@ -267314,8 +267314,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_8A07 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1340-L1369" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1340-L1369" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8a0702681bc51419fbd336817787a966c7f92cabe09f8e959251069578dfa881" hash = "26e3bfef255efd052a84c3c43994c73222b14c95db9a4b1fc2e98f1a5cb26e43" hash = "65e3548bc09dffd550e79501e3fe0fee268f895908e2bba1aa5620eb9bdac52d" @@ -267354,8 +267354,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_0D37 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1372-L1409" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1372-L1409" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0d3790af5f8e5c945410929e31d06144a471ac82f828afe89a4758a5bbeb7f9f" hash = "523d1d43e896077f32cd9acaa8e85b513bfb7b013a625e56f0d4e9675d9822ba" hash = "df0dcfb3971829af79629efd036b8e1c6e2127481b3644ccc6e2ddd387489a15" 
@@ -267402,8 +267402,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Proxydrvsys_Nn_C0E7 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1412-L1431" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1412-L1431" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c0e74f565237c32989cb81234f4b5ad85f9dd731c112847c0a143d771021cb99" logic_hash = "v1_sha256_b4248d60006efcf3f489cfad8a68bbf594bd45f75e8b9c8d7b9f727c6ee05042" score = 40 @@ -267432,8 +267432,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_5381 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1434-L1454" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1434-L1454" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "53810ca98e07a567bb082628d95d796f14c218762cbbaa79704740284dccda4b" hash = "8e88cb80328c3dbaa2752591692e74a2fae7e146d7d8aabc9b9ac9a6fe561e6c" hash = "003e61358878c7e49e18420ee0b4a37b51880be40929a76e529c7b3fb18e81b4" 
@@ -267463,8 +267463,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Netfiltersys_26D6 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1457-L1478" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1457-L1478" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "26d67d479dafe6b33c980bd1eed0b6d749f43d05d001c5dcaaf5fcddb9b899fe" hash = "6a234a2b8eb3844f7b5831ee048f88e8a76e9d38e753cc82f61b234c79fe1660" hash = "2fa78c2988f9580b0c18822b117d065fb419f9c476f4cfa43925ba6cd2dffac3" @@ -267495,8 +267495,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustek_Driversys_Ectool_927C : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1481-L1503" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1481-L1503" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "927c2a580d51a598177fa54c65e9d2610f5f212f1b6cb2fbf2740b64368f010a" hash = "42851a01469ba97cdc38939b10cf9ea13237aa1f6c37b1ac84904c5a12a81fa0" hash = "1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb" 
@@ -267528,8 +267528,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmelsys_Trendmicroearlylaunchantim date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1506-L1525" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1506-L1525" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "dd628061d6e53f3f0b44f409ad914b3494c5d7b5ff6ff0e8fc3161aacec93e96" logic_hash = "v1_sha256_f0bf2e418bed091c1d9f1d604f284586f27d2d28b277c29f241aeaee9b9bdccf" score = 40 @@ -267558,8 +267558,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorp_Stdcdrvwssys_Selftestdatacollectordriv date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1528-L1547" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1528-L1547" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "70afdc0e11db840d5367afe53c35d9642c1cf616c7832ab283781d085988e505" logic_hash = "v1_sha256_06aae42f1cfaaa5d797ef384786a8cdb54685465240d324216d8832be82c5db0" score = 40 
@@ -267588,8 +267588,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realteksemiconductorcorp_Rtportsys_Realtekportio date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1550-L1569" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1550-L1569" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ff322cd0cc30976f9dbdb7a3681529aeab0de7b7f5c5763362b02c15da9657a1" logic_hash = "v1_sha256_814b2a2bc284623f620341ec841cd080eb04ef9c9f4a11387d0b79c5010e70e8" score = 40 @@ -267618,8 +267618,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_A6F7 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1572-L1591" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1572-L1591" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a6f7897cd08fe9de5e902bb204ff87215584a008f458357d019a50d6139ca4af" logic_hash = "v1_sha256_e6b52b789ba1f5bf60722a7b4ec2f94e650b186605ea558780018edaa74090b4" score = 40 
@@ -267648,8 +267648,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_834A : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1594-L1613" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1594-L1613" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "834a3d755b5ae798561f8e5fbb18cf28dfcae7a111dc6a03967888e9d10f6d78" hash = "e89cb7217ec1568b43ad9ca35bf059b17c3e26f093e373ab6ebdeee24272db21" logic_hash = "v1_sha256_54a915ecbb2fb9f77603a19628d8130cf9896bc649618e3448442e1408b1f8a4" 
@@ -267678,8 +267678,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Eiosys_Asusvgakernelmodedrive date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1616-L1637" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1616-L1637" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f4c7e94a7c2e49b130671b573a9e4ff4527a777978f371c659c3f97c14d126de" hash = "cf69704755ec2643dfd245ae1d4e15d77f306aeb1a576ffa159453de1a7345cb" hash = "1fac3fab8ea2137a7e81a26de121187bf72e7d16ffa3e9aec3886e2376d3c718" @@ -267710,8 +267710,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_F42E : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1640-L1659" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1640-L1659" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f42eb29f5b2bcb2a70d796fd71fd1b259d5380b216ee672cf46dcdd4604b87ad" logic_hash = "v1_sha256_2bbf7257a20468f12ffa8e8dc70c126a41124043acfcae776cda173ed68788c3" score = 40 
@@ -267740,8 +267740,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_CF4B : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1662-L1681" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1662-L1681" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "cf4b5fa853ce809f1924df3a3ae3c4e191878c4ea5248d8785dc7e51807a512b" logic_hash = "v1_sha256_50f8cbf8834910e3560b3d092ae897977db2c9cb26107219e1604b2c26bba2ae" score = 40 @@ -267770,8 +267770,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Computerzsys_Ludashisystemdriver_3867 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1684-L1704" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1684-L1704" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "386745d23a841e1c768b5bdf052e0c79bb47245f9713ee64e2a63f330697f0c8" hash = "5aee1bae73d056960b3a2d2e24ea07c44358dc7bc3f8ac58cc015cccc8f8d89c" logic_hash = "v1_sha256_f911813c40d65c443b01e00635da122cd1969817c6d3842eca7a5a20ff57513e" 
@@ -267801,8 +267801,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_D783 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1707-L1726" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1707-L1726" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d783ace822f8fe4e25d5387e5dd249cb72e62f62079023216dc436f1853a150f" logic_hash = "v1_sha256_f92c013f7c10a9c63b2f630b198d9ef360e944182b9760e8c268dc7145f82e95" score = 40 @@ -267831,8 +267831,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpot_Avastantivirus_4B52 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1729-L1748" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1729-L1748" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1" logic_hash = "v1_sha256_c1df652b20d7bbea94d71bdef159c26b59180b736859bb4a16d03880a99d2841" score = 40 
@@ -267861,8 +267861,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Insydesoftwarecorp_Segwindrvxsys_Segwindowsdrive date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1751-L1770" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1751-L1770" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "38d6d90d543bf6037023c1b1b14212b4fa07731cbbb44bdb17e8faffc12b22e8" logic_hash = "v1_sha256_d1cc4c2d1335784f723849ab37131f3b5384628652594fe8e3a1ab4b0729eacd" score = 40 @@ -267891,8 +267891,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Biostargroup_Iodriver_Biostariodriverfle_42E1 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1773-L1794" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1773-L1794" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "42e170a7ab1d2c160d60abfc906872f9cfd0c2ee169ed76f6acb3f83b3eeefdb" hash = "f929bead59e9424ab90427b379dcdd63fbfe0c4fb5e1792e3a1685541cd5ec65" hash = "55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a" 
@@ -267923,8 +267923,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytes_Elbycdio_Cdrtools_07AF : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1797-L1816" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1797-L1816" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "07af8c5659ad293214364789df270c0e6d03d90f4f4495da76abc2d534c64d88" logic_hash = "v1_sha256_832d90cd437cb6912630943fcae9e103341c0bc6770a4515525cf42f72812faa" score = 40 @@ -267953,8 +267953,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Mitactechnologycorporation_Mtcbsvsys_Mitacsystem date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1819-L1838" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1819-L1838" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c9cf1d627078f63a36bbde364cd0d5f2be1714124d186c06db5bcdf549a109f8" logic_hash = "v1_sha256_402e0a50c61722ffbbf6778df2483750fae17d6a18d8b247d65df8302d725c14" score = 40 
@@ -267983,8 +267983,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_7125 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1841-L1860" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1841-L1860" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7125c9831a52d89d3d59fb28043b67fbe0068d69732da006fabb95550d1fa730" logic_hash = "v1_sha256_b91987339120b171bf8059bd06c95b25ec8124a902d53c0d05558e95bdfa588b" score = 40 @@ -268013,8 +268013,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_5F65 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1863-L1882" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1863-L1882" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5f6547e9823f94c5b94af1fb69a967c4902f72b6e0c783804835e6ce27f887b0" logic_hash = "v1_sha256_66fa3b5461eb9cf7c9f0eba976ac1546338ac11b937cc9753340042a0dc49066" score = 40 
@@ -268043,8 +268043,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_58A7 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1885-L1904" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1885-L1904" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495" logic_hash = "v1_sha256_f1f16f31db7cd1249b3a76eddf0091a1b89d158da5c3beb1e3ed5ec18a3a7d72" score = 40 @@ -268073,8 +268073,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Panyazilimbilisimteknolojileriticltdsti_Panmonfl date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1907-L1926" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1907-L1926" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "06508aacb4ed0a1398a2b0da5fa2dbf7da435b56da76fd83c759a50a51c75caf" logic_hash = "v1_sha256_ad7595823bec8291999096f6249051d51741761c09e5a00ed72b01beeb13389b" score = 40 
@@ -268103,8 +268103,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1929-L1949" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1929-L1949" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d633055c7eda26dacfc30109eb790625519fc7b0a3a601ceed9e21918aad8a1b" hash = "29f449fca0a41deccef5b0dccd22af18259222f69ed6389beafe8d5168c59e36" logic_hash = "v1_sha256_40d935ad81305da16adadabbbb18376bb0af64df5ce164625ec1e223ee01ceba" @@ -268134,8 +268134,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_0F17 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1952-L1971" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1952-L1971" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0f17e5cfc5bdd74aff91bfb1a836071345ba2b5d1b47b0d5bf8e7e0d4d5e2dbf" logic_hash = "v1_sha256_3e9d3d998c97ac3491211c231552ee36be1428ca8ec61e89e9c1c1b7ff4ccf22" score = 40 
@@ -268164,8 +268164,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Bsmisys_5962 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1974-L1992" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1974-L1992" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347" hash = "552f70374715e70c4ade591d65177be2539ec60f751223680dfaccb9e0be0ed9" logic_hash = "v1_sha256_2ddfc5fea50425403654a8c60b372e2416cb0e0424ab26a8812e0b1fb35d399d" @@ -268193,8 +268193,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_C6FE : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L1995-L2016" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L1995-L2016" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c6feb3f4932387df7598e29d4f5bdacec0b9ce98db3f51d96fc4ffdcc6eb10e1" hash = "e7b79fe1377b3da749590c080d4d96e59e622b1013b2183b98c81baa8bf2fffe" hash = "f77fe6b1e0e913ac109335a8fa2ac4961d35cbbd50729936059aba8700690a9e" 
@@ -268225,8 +268225,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_AF16 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2019-L2038" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2019-L2038" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "af16c36480d806adca881e4073dcd41acb20c35ed0b1a8f9bd4331de655036e1" logic_hash = "v1_sha256_390b48999576261d87a970dee3dd1da4d82f45bdcf4db37be180c464bacfa488" score = 40 @@ -268255,8 +268255,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_99F4 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2041-L2090" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2041-L2090" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "99f4994a0e5bd1bf6e3f637d3225c69ff4cd620557e23637533e7f18d7d6cba1" hash = "56a3c9ac137d862a85b4004f043d46542a1b61c6acb438098a9640469e2d80e7" hash = "c2a4ddcc9c3b339d752c48925d62fc4cc5adbf6fae8fedef74cdd47e88da01f8" 
@@ -268315,8 +268315,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ncrcorporation_Radhwmgrsys_Ncrcorporationhardwar date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2093-L2112" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2093-L2112" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7c8ad57b3a224fdc2aac9dd2d7c3624f1fcd3542d4db804de25a90155657e2cc" logic_hash = "v1_sha256_cc7c365f36d9c7fc0367b57f9d5b24004c8c4453e0ed227941623c6057fce39a" score = 40 @@ -268345,8 +268345,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avaluetechnologyinc_Avalueio_Avalueio_A5A4 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2115-L2135" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2115-L2135" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a5a4a3c3d3d5a79f3ed703fc56d45011c21f9913001fcbcc43a3f7572cff44ec" hash = "defde359045213ae6ae278e2a92c5b4a46a74119902364c7957a38138e9c9bbd" logic_hash = "v1_sha256_ec187ba5aadc7b9395008155d4b6331b099b3ae9e3ab738568a9980b3d0ce448" 
@@ -268376,8 +268376,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Bsdefsys_Supportsstsfssteeatf date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2138-L2160" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2138-L2160" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5f5e5f1c93d961985624768b7c676d488c7c7c1d4c043f6fc1ea1904fefb75be" hash = "3326e2d32bbabd69feb6024809afc56c7e39241ebe70a53728c77e80995422a5" hash = "0040153302b88bee27eb4f1eca6855039e1a057370f5e8c615724fa5215bada3" @@ -268409,8 +268409,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_F27F : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2163-L2186" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2163-L2186" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f27febff1be9e89e48a9128e2121c7754d15f8a5b2e88c50102cecee5fe60229" hash = "8138b219a2b1be2b0be61e5338be470c18ad6975f11119aee3a771d4584ed750" hash = "e16dc51c51b2df88c474feb52ce884d152b3511094306a289623de69dedfdf48" 
@@ -268443,8 +268443,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Almicosoftware_Sfdrvxsys_Speedfan_X_965D : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2189-L2208" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2189-L2208" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "965d4f981b54669a96c5ab02d09bf0a9850d13862425b8981f1a9271350f28bb" logic_hash = "v1_sha256_e5ba23bf3914d121647d6b7aef5ec81d9d62af56397e152fb39179349f1f6146" score = 40 @@ -268473,8 +268473,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_5A66 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2211-L2234" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2211-L2234" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5a661e26cfe5d8dedf8c9644129039cfa40aebb448895187b96a8b7441d52aaa" hash = "fb81b5f8bf69637dbdf050181499088a67d24577587bc520de94b5ee8996240f" hash = "202d9703a5b8d06c5f92d2c5218a93431aa55af389007826a9bfaaf900812213" 
@@ -268507,8 +268507,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Panyazilimbilisimteknolojileriticltdsti_Panioxsy date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2237-L2256" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2237-L2256" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6b830ea0db6546a044c9900d3f335e7820c2a80e147b0751641899d1a5aa8f74" logic_hash = "v1_sha256_d6d95fe0d738012ca0643f478c59accd2d1e47742a502f5fea65040e59e9f42a" score = 40 @@ -268537,8 +268537,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_82FB : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2259-L2278" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2259-L2278" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "82fbcb371d53b8a76a25fbbafaae31147c0d1f6b9f26b3ea45262c2267386989" logic_hash = "v1_sha256_38df982e74818094d0aa508b6b0ad94b885e6554760b4678de833fcc86e8bb13" score = 40 
@@ -268567,8 +268567,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Entechtaiwan_Seasys_Softenginex_6CB5 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2281-L2300" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2281-L2300" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6cb51ae871fbd5d07c5aad6ff8eea43d34063089528603ca9ceb8b4f52f68ddc" logic_hash = "v1_sha256_aa425e95a0b920bf68c0221d8fb1cc16f00755b626f496b758cf50d26949c27b" score = 40 @@ -268597,8 +268597,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2303-L2322" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2303-L2322" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0b542e47248611a1895018ec4f4033ea53464f259c74eb014d018b19ad818917" logic_hash = "v1_sha256_264c22a6b54b47962561ea3d8400aab606dd2d28f5d288ba4777ff2ca290c38e" score = 40 
@@ -268627,8 +268627,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_F159 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2325-L2347" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2325-L2347" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f15962354d37089884abba417f58e9dbd521569b4f69037a24a37cfc2a490672" hash = "9fa120bda98633e30480d8475c9ac6637470c4ca7c63763560bf869138091b01" hash = "0b547368c03e0a584ae3c5e62af3728426c68b316a15f3290316844d193ad182" @@ -268660,8 +268660,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_1273 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2350-L2369" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2350-L2369" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1273b74c3c1553eaa92e844fbd51f716356cc19cf77c2c780d4899ec7738fbd1" logic_hash = "v1_sha256_1bf31b51302ade1b65e6c24a0dfcc6e144a2f0104e687cef4a14e6307c27c9e1" score = 40 
@@ -268690,8 +268690,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3854 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2372-L2392" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2372-L2392" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "385485e643aa611e97ceae6590c6a8c47155886123dbb9de1e704d0d1624d039" hash = "b773511fdb2e370dec042530910a905472fcc2558eb108b246fd3200171b04d3" logic_hash = "v1_sha256_0cdfef6284465ea9f5509cb4e0ad6efb531d60150fb355a388f8152b322e3da9" 
@@ -268721,8 +268721,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Aoddriversys_Amdoverdrivese date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2395-L2416" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2395-L2416" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3c11dec1571253594d64619d8efc8c0212897be84a75a8646c578e665f58bf5d" hash = "5a0b10a9e662a0b0eeb951ffd2a82cc71d30939a78daebd26b3f58bb24351ac9" hash = "7a1105548bfc4b0a1b7b891cde0356d39b6633975cbcd0f2e2d8e31b3646d2ca" @@ -268753,8 +268753,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrcodenamelonghornddkprovider_Cpuzsys_Wind date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2419-L2438" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2419-L2438" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "eaa5dae373553024d7294105e4e07d996f3a8bd47c770cdf8df79bf57619a8cd" logic_hash = "v1_sha256_9149c106ff7ea0326b9e010ef7ae32c25f57c3b9b2e738f4915eda205a512888" score = 40 
@@ -268783,8 +268783,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_8FE9 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2441-L2457" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2441-L2457" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8fe9828bea83adc8b1429394db7a556a17f79846ad0bfb7f242084a5c96edf2a" logic_hash = "v1_sha256_f293cb0a8bbc710428a7a4ae582f9d6ed60954afeb84efe8b74da38ff41732c1" score = 40 @@ -268810,8 +268810,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrcodenamelonghornddkprovider_Cpuzsys_Wind date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2460-L2487" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2460-L2487" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "49329fa09f584d1960b09c1b15df18c0bc1c4fdb90bf48b6b5703e872040b668" hash = "84c5f6ddd9c90de873236205b59921caabb57ac6f7a506abbe2ce188833bbe51" hash = "8e92aacd60fca1f09b7257e62caf0692794f5d741c5d1eec89d841e87f2c359c" 
@@ -268848,8 +268848,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_3D9E : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2490-L2509" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2490-L2509" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3d9e83b189fcf5c3541c62d1f54a0da0a4e5b62c3243d2989afc46644056c8e3" logic_hash = "v1_sha256_fdb944988945780b774d73f3d729d2468b0c9006aca100fa8bbf913a9c5402c6" score = 40 @@ -268878,8 +268878,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Logitech_Lgcoretempsys_Lgcoretemp_E0CB : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2512-L2531" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2512-L2531" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef" logic_hash = "v1_sha256_f3162a80eb6ab357766aaafbf62aec608291873980c81c6d21d835bc349cda76" score = 40 
@@ -268908,8 +268908,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Stdcdrvsys_Selftestdatacollecto date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2534-L2553" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2534-L2553" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "37022838c4327e2a5805e8479330d8ff6f8cd3495079905e867811906c98ea20" logic_hash = "v1_sha256_dfc77d3461c57240baea160b35e9174aa370fc533d08a9331dd8ce53a0048ad4" score = 40 @@ -268938,8 +268938,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_2BBE : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2556-L2576" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2556-L2576" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2bbe65cbec3bb069e92233924f7ee1f95ffa16173fceb932c34f68d862781250" hash = "e68d453d333854787f8470c8baef3e0d082f26df5aa19c0493898bcf3401e39a" logic_hash = "v1_sha256_23365c52fd3ce5d9c113c0779072b82325632c75f27cbfde9037b7ffc543a209" 
@@ -268969,8 +268969,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Gigabytetechnologycoltd_Gdrvsys_Gigabytesoftware date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2579-L2599" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2579-L2599" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "092d04284fdeb6762e65e6ac5b813920d6c69a5e99d110769c5c1a78e11c5ba0" hash = "0ce40a2cdd3f45c7632b858e8089ddfdd12d9acb286f2015a4b1b0c0346a572c" logic_hash = "v1_sha256_771400b6e3f2d216fd38db681bf78fbc4e764a45ff9e11d2e33b62f93ac4a8e2" @@ -269000,8 +269000,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrddkprovider_Rtportsys_Windowsrddkprovide date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2602-L2621" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2602-L2621" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3c0a36990f7eef89b2d5f454b6452b6df1304609903f31f475502e4050241dd8" logic_hash = "v1_sha256_0460def7e251adf398560c0f05cac2d161951339eb2bcc2b2f4840edbd0d6991" score = 40 
@@ -269030,8 +269030,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_5FAE : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2624-L2643" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2624-L2643" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5fae7e491b0d919f0b551e15e0942ac7772f2889722684aea32cff369e975879" logic_hash = "v1_sha256_7dfbd2e11b8a37a8b276a2279f19f57064f3d561cf2555680c71679206ec1452" score = 40 @@ -269060,8 +269060,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Innotekgmbh_Vboxusbmonsys_Virtualboxusbmonitordr date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2646-L2665" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2646-L2665" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3d055be2671e136c937f361cef905e295ddb6983526341f1d5f80a16b7655b40" logic_hash = "v1_sha256_ca021b6b3c733e75d33996652ca9602541e4c9eb9e74f2a995d1b2c2989ca68b" score = 40 
@@ -269090,8 +269090,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_1A45 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2668-L2687" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2668-L2687" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1a450ae0c9258ab0ae64f126f876b5feed63498db729ec61d06ed280e6c46f67" logic_hash = "v1_sha256_51f72d08bd6f0b0e683a9af729e16e08e8d652d9ea5f43872aa402ec3da65cfe" score = 40 @@ -269120,8 +269120,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_62F5 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2690-L2710" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2690-L2710" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "62f5e13b2edc00128716cb93e6a9eddffea67ce83d2bb426f18f5be08ead89e0" hash = "ee3ff12943ced401e2b6df9e66e8a0be8e449fa9326cab241f471b2d8ffefdd7" logic_hash = "v1_sha256_13b9c0f468e8ce5a9ff8938879d6d22a56c0d7e01b3a72969ecff55954a07b89" 
@@ -269151,8 +269151,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Yyinc_Dianhu_80CB : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2713-L2731" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2713-L2731" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "80cbba9f404df3e642f22c476664d63d7c229d45d34f5cd0e19c65eb41becec3" hash = "bb50818a07b0eb1bd317467139b7eb4bad6cd89053fecdabfeae111689825955" logic_hash = "v1_sha256_fb1f5f8687f1673585ee2652b9dde20ae925ee33d527d2052707b2370a5df1fc" 
@@ -269180,8 +269180,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_8F68 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2734-L2756" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2734-L2756" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8f68ca89910ebe9da3d02ec82d935de1814d79c44f36cd30ea02fa49ae488f00" hash = "7227377a47204f8e2ff167eee54b4b3545c0a19e3727f0ec59974e1a904f4a96" hash = "c8eaa5e6d3230b93c126d2d58e32409e4aeeb23ccf0dd047a17f1ef552f92fe9" @@ -269213,8 +269213,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_A5A5 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2759-L2778" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2759-L2778" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a5a50449e2cc4d0dbc80496f757935ae38bf8a1bebdd6555a3495d8c219df2ad" logic_hash = "v1_sha256_38048706f3e5bd4248779dc8890d14a31daafa177c51953c31f2e7a81c6871a0" score = 40 
@@ -269243,8 +269243,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Wnbiossys_Windowsrwinddkd date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2781-L2800" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2781-L2800" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "530d9223ec7e4123532a403abef96dfd1af5291eb49497392ff5d14d18fccfbb" logic_hash = "v1_sha256_73e496811ab4097aa8311e510fa913a10691a00e314944d509df05084d373379" score = 40 @@ -269273,8 +269273,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytes_Elbycdio_Cdrtools_98EC : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2803-L2822" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2803-L2822" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "98ec7cc994d26699f5d26103a0aeb361128cff3c2c4d624fc99126540e23e97e" logic_hash = "v1_sha256_27e4fb74a63ee1fe3b3bcf97e2ed01b02d05339cce2f18c2f010577d80dbb243" score = 40 
@@ -269303,8 +269303,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_591B : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2825-L2844" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2825-L2844" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "591bd5e92dfa0117b3daa29750e73e2db25baa717c31217539d30ffb1f7f3a52" logic_hash = "v1_sha256_471fab20146586dacf37b9bb3f43ee578339c73f204487556987803d12a64f95" score = 40 @@ -269333,8 +269333,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Openlibsysorg_Winringsys_Winring_47EA : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2847-L2867" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2847-L2867" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84" hash = "3ec5ad51e6879464dfbccb9f4ed76c6325056a42548d5994ba869da9c4c039a8" logic_hash = "v1_sha256_e6bea09a04b7f043d9a8cef4c8dc3e2f087fdf1a981f6d23dee728ea6d15d792" 
@@ -269364,8 +269364,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Insydesoftwarecorp_Segwindrvxsys_Segwindowsdrive date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2870-L2889" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2870-L2889" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd" logic_hash = "v1_sha256_b4f90f50b2e90fd8dc57778ba8f650ed201fe2f11f145e981d13021f87746d1f" score = 40 @@ -269394,8 +269394,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Amdryzenmasterdriversys_Amd date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2892-L2911" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2892-L2911" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "909de5f21837ea2b13fdc4e5763589e6bdedb903f7c04e1d0b08776639774880" logic_hash = "v1_sha256_669972137fad6a5cc701ea56cf8ae85e08d2131f026e8cf1bd5c85ca1754d3cb" score = 40 
@@ -269424,8 +269424,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Atitechnologiesinc_Atillksys_Atidiagnostics_AD40 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2914-L2938" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2914-L2938" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173" hash = "6c6c5e35accc37c928d721c800476ccf4c4b5b06a1b0906dc5ff4df71ff50943" hash = "38bb9751a3a1f072d518afe6921a66ee6d5cf6d25bc50af49e1925f20d75d4d7" 
@@ -269459,8 +269459,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Computerzsys_Ludashisystemdriver_E502 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2941-L2963" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2941-L2963" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e502c2736825ea0380dd42effaa48105a201d4146e79de00713b8d3aaa98cd65" hash = "5c80dc051c4b0c62b9284211f71e5567c0c0187e466591eacb93e7dc10e4b9ab" hash = "d6801e845d380c809d0da8c7a5d3cd2faa382875ae72f5f7af667a34df25fbf7" @@ -269492,8 +269492,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2966-L2985" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2966-L2985" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0cd4ca335155062182608cad9ef5c8351a715bce92049719dd09c76422cd7b0c" logic_hash = "v1_sha256_b0ef81e3a05326390a7d2f00499cf3aaf0610b03f3df2313d5a1f2dddff3555f" score = 40 
@@ -269522,8 +269522,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroaegis_3FA6 : F date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L2988-L3007" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L2988-L3007" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3fa6379951f08ed3cb87eeba9cf0c5f5e1d0317dcfcf003b810df9d795eeb73e" logic_hash = "v1_sha256_c1d75b4073f212403f3e7b50cd8c1ea2a8a979bca7cf2dd4cd05bfca03d49c48" score = 40 @@ -269552,8 +269552,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3E1D : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3010-L3029" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3010-L3029" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3e1d47a497babbfd1c83905777b517ec87c65742bee7eb57a2273eca825d2272" logic_hash = "v1_sha256_29f4dbbd8dd749a9ccf94cd59010c8c8b63ce1d33c93f05b1f24b1e6a216aff6" score = 40 
@@ -269582,8 +269582,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3032-L3051" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3032-L3051" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6fb5bc9c51f6872de116c7db8a2134461743908efc306373f6de59a0646c4f5d" logic_hash = "v1_sha256_108670db45ff60bd5d31187755019cd7530f29da12d36c96be06880c23d5e7f9" score = 40 @@ -269612,8 +269612,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_3B71 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3054-L3075" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3054-L3075" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3b7177e9a10c1392633c5f605600bb23c8629379f7f42957972374a05d4dc458" hash = "72b67b6b38f5e5447880447a55fead7f1de51ca37ae4a0c2b2f23a4cb7455f35" hash = "d04c72fd31e7d36b101ad30e119e14f6df9cbc7a761526da9b77f9e0b9888bc4" 
@@ -269644,8 +269644,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Almicosoftware_Sfdrvxsys_Speedfan_X_0BD1 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3078-L3097" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3078-L3097" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0bd1523a68900b80ed1bccb967643525cca55d4ff4622d0128913690e6bb619e" logic_hash = "v1_sha256_c5fa94fee1260b2c8f188c996ed4ce2095ad8c72fcf6a03b6985303209f17a3a" score = 40 @@ -269674,8 +269674,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Almicosoftware_Sfdrvxsys_Speedfan_X_1E94 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3100-L3119" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3100-L3119" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1e94d4e6d903e98f60c240dc841dcace5f9e8bbb0802e6648a49ab80c23318cb" logic_hash = "v1_sha256_86cbd2762bb8bf050343f4e738216a33764997046a9b59bbb6a435afa2859f0e" score = 40 
@@ -269704,8 +269704,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Hpdevelopmentcompany_Etdsuppsys_Hpetdidriverdll_ date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3122-L3141" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3122-L3141" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f744abb99c97d98e4cd08072a897107829d6d8481aee96c22443f626d00f4145" logic_hash = "v1_sha256_9fcdfda30bb8fb16c5112c22b34be1c42f9ce1a32d21a7554ba0aff2a7696aa1" score = 40 @@ -269734,8 +269734,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Netfiltersys_Windowsrwind date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3144-L3170" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3144-L3170" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "db1dbb09d437d3e8bed08c88ca43769b4fe8728f68b78ff6f9c8d2557e28d2b1" hash = "5c54a5cd3386ac14725a07962562e9fdcefbb7be0d19803f9d71de24573de1e3" hash = "6703400b490b35bcde6e41ce1640920251855e6d94171170ae7ea22cdd0938c0" 
@@ -269771,8 +269771,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_4ED2 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3173-L3192" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3173-L3192" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4ed2d2c1b00e87b926fb58b4ea43d2db35e5912975f4400aa7bd9f8c239d08b7" logic_hash = "v1_sha256_07981841e989bc762fbce94915e29595b1e6db881ed57064c03b126019538fca" score = 40 @@ -269801,8 +269801,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Netfiltersys_1265 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3195-L3216" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3195-L3216" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "12656fc113b178fa3e6bfffc6473897766c44120082483eb8059ebff29b5d2df" hash = "7ff8fe4c220cf6416984b70a7e272006a018e5662da3cedc2a88efeb6411b4a4" hash = "1cd75de5f54b799b60789696587b56a4a793cf60775b81f236f0e65189d863af" 
@@ -269833,8 +269833,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_1F81 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3219-L3238" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3219-L3238" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1f8168036d636aad1680dd0f577ef9532dbb2dad3591d63e752b0ba3ee6fd501" logic_hash = "v1_sha256_e5b9e4c1559e91b575933d2dd5574a6c374fe967256f65243122c22efbc666ce" score = 40 @@ -269863,8 +269863,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Iobit_Iobitunlockersys_Iobitunlocker_C79A : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3241-L3260" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3241-L3260" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c79a2bb050af6436b10b58ef04dbc7082df1513cec5934432004eb56fba05e66" logic_hash = "v1_sha256_b711978610592c579a05d332b72c294a5b960a18033264d6a75b8b482dbe8903" score = 40 
@@ -269893,8 +269893,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_16B5 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3263-L3282" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3263-L3282" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "16b591cf5dc1e7282fdb25e45497fe3efc8095cbe31c05f6d97c5221a9a547e1" logic_hash = "v1_sha256_57f379da59234cd2e83802180faecd15784a28fcd09f2eb0a5944f494972c9fc" score = 40 @@ -269923,8 +269923,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Phoenixtechnologies_Agentsys_Driveragent_4045 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3285-L3309" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3285-L3309" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca" hash = "8cb62c5d41148de416014f80bd1fd033fd4d2bd504cb05b90eeb6992a382d58f" hash = "6948480954137987a0be626c24cf594390960242cd75f094cd6aaa5c2e7a54fa" 
@@ -269958,8 +269958,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_FA77 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3312-L3332" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3312-L3332" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "fa77a472e95c4d0a2271e5d7253a85af25c07719df26941b39082cfc0733071a" hash = "423f052690b6b523502931151dfcc63530e3bd9d79680f9b5ac033b23b5c6f18" logic_hash = "v1_sha256_e59a975ce22fb83623ae84000e07bcc0f2060b7e16cfc3e2b538138246ef296a" @@ -269989,8 +269989,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_D0E2 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3335-L3354" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3335-L3354" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d0e25b879d830e4f867b09d6540a664b6f88bad353cd14494c33b31a8091f605" logic_hash = "v1_sha256_c265c6c89ea9bf09b9dcf47e1ce60f3531d76521a0ef1bbdc07d401a7b4164ed" score = 40 
@@ -270019,8 +270019,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Openlibsysorg_Openlibsyssys_Openlibsys_F060 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3357-L3376" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3357-L3376" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f0605dda1def240dc7e14efa73927d6c6d89988c01ea8647b671667b2b167008" logic_hash = "v1_sha256_c73f19c87d63e9986e5f44a368f4b8305b7bff17ebdeb85f309751f54f76db48" score = 40 @@ -270049,8 +270049,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_4AC0 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3379-L3398" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3379-L3398" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4ac08a6035cfcafdac712d7c3cf2eef6e10258f14cee6e80e1ef2f71f5045173" logic_hash = "v1_sha256_b3a6dc1e2b7e806eb56133af99e995139dccddb2cba897f54144203ea3558f29" score = 40 
@@ -270079,8 +270079,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Rweverything_Rwdrvsys_Rweverythingreadwritedrive date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3401-L3425" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3401-L3425" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2a652de6b680d5ad92376ad323021850dab2c653abf06edf26120f7714b8e08a" hash = "3384f4a892f7aa72c43280ff682d85c8e3936f37a68d978d307a9461149192de" hash = "2470fd1b733314c9b0afa19fd39c5d19aa1b36db598b5ebbe93445caa545da5f" @@ -270114,8 +270114,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_5027 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3428-L3447" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3428-L3447" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5027fce41ed60906a0e76b97c95c2a5a83d57a2d1cd42de232a21f26c0d58e48" logic_hash = "v1_sha256_f2f0788448e15b372c67c310a411c9533fad7e03b24c24a1a1da7eeb595b6e75" score = 40 
@@ -270144,8 +270144,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3450-L3469" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3450-L3469" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2203bd4731a8fdc2a1c60e975fd79fd5985369e98a117df7ee43c528d3c85958" logic_hash = "v1_sha256_30602a4c8f91277805e82cdcd5ccae77b22e77644baf59d9ab2235e575ed9f25" score = 40 @@ -270174,8 +270174,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_442C : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3472-L3492" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3472-L3492" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "442c18aeb09556bb779b21185c4f7e152b892410429c123c86fc209a802bff3c" hash = "3e1f592533625bf794e0184485a4407782018718ae797103f9e968ff6f0973a1" logic_hash = "v1_sha256_b44ece633deccb00cea884422a24053616bf92a71a7f0a0264102d548ce02bb7" 
@@ -270205,8 +270205,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_468B : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3495-L3515" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3495-L3515" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "468b087a0901d7bd971ab564b03ded48c508840b1f9e5d233a7916d1da6d9bd5" hash = "f93e0d776481c4ded177d5e4aebb27f30f0d47dcb4a1448aee8b66099ac686e1" logic_hash = "v1_sha256_b286d189f5709b74d0da658841a1a626408db584696c467b07b4c341ec6d6748" @@ -270236,8 +270236,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3518-L3537" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3518-L3537" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "19d0fc91b70d7a719f7a28b4ad929f114bf1de94a4c7cba5ad821285a4485da0" logic_hash = "v1_sha256_0d4f44ece27db1def197e6353d59677915f7f58eb5ff4661d2b8e024eb07acb7" score = 40 
@@ -270266,8 +270266,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Amdryzenmasterdriversys_Amd date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3540-L3559" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3540-L3559" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9b1ac756e35f795dd91adbc841e78db23cb7165280f8d4a01df663128b66d194" logic_hash = "v1_sha256_fcef672d2e2c24f4b1323554ca206f3bd67657af96ad774056e5fd0181cc7ac7" score = 40 @@ -270296,8 +270296,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Panyazilimbilisimteknolojileriticltdsti_Panmonfl date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3562-L3581" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3562-L3581" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7e0124fcc7c95fdc34408cf154cb41e654dade8b898c71ad587b2090b1da30d7" logic_hash = "v1_sha256_6f9a951d64947f6930614206f10eb51a5f43566fdc6425821608e0f847818f75" score = 40 
@@ -270326,8 +270326,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3584-L3604" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3584-L3604" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f4e500a9ac5991da5bf114fa80e66456a2cde3458a3d41c14e127ac09240c114" hash = "642857fc8d737e92db8771e46e8638a37d9743928c959ed056c15427c6197a54" logic_hash = "v1_sha256_a787fd5e5b62f39a19222a8167382966dd707e2aba99f4c08ad839b221a17e75" @@ -270357,8 +270357,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Lenovogrouplimitedr_Lenovodiagnosticsdriversys_L date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3607-L3626" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3607-L3626" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f05b1ee9e2f6ab704b8919d5071becbce6f9d0f9d0ba32a460c41d5272134abe" logic_hash = "v1_sha256_22098d721c4814786834b3ea781283f53d195ba35f51fc8fd75b45f7781d39d4" score = 40 
@@ -270387,8 +270387,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_3F20 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3629-L3645" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3629-L3645" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3f20ac5dac9171857fc5791865458fdb6eac4fab837d7eabc42cb0a83cb522fc" logic_hash = "v1_sha256_6265acf1ebd52e5efe41774f35b3b01ede27f18c04975ac57afbd62b7d6d7600" score = 40 @@ -270414,8 +270414,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Toshibacorporation_Nchgbiosxsys_Toshibabiospacka date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3648-L3667" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3648-L3667" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7d4ca5760b6ad2e4152080e115f040f9d42608d2c7d7f074a579f911d06c8cf8" logic_hash = "v1_sha256_a724598247e27cca91bd76f60ebbad471d199ae290c8ec100bcf1efc02b74963" score = 40 
@@ -270444,8 +270444,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Dell_Dbutil_71FE : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3670-L3686" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3670-L3686" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "71fe5af0f1564dc187eea8d59c0fbc897712afa07d18316d2080330ba17cf009" logic_hash = "v1_sha256_dad7c23d78176f31a2a324998e3170a5096a50389ff83af590503fac69791890" score = 40 @@ -270471,8 +270471,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_6D2C : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3689-L3709" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3689-L3709" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6d2cc7e1d95bb752d79613d0ea287ea48a63fb643dcb88c12b516055da56a11d" hash = "8047859a7a886bcf4e666494bd03a6be9ce18e20dc72df0e5b418d180efef250" logic_hash = "v1_sha256_c2c74038259bec413bbacf0957449d1da5291b84c6f6848e5573ca50bbea006f" 
@@ -270502,8 +270502,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Atszio_Atsziodriver_673B : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3712-L3731" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3712-L3731" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "673bcec3d53fab5efd6e3bac25ac9d6cc51f6bbdf8336e38aade2713dc1ae11b" hash = "31d8fc6f5fb837d5eb29db828d13ba8ee11867d86a90b2c2483a578e1d0ec43a" logic_hash = "v1_sha256_d3f753b1bd9dc99cece28a3da9a87e9d211207204f05f573f01391f2c1a08f07" @@ -270532,8 +270532,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asus_Asmmapsys_Atkgenericfunctionservice_025E : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3734-L3753" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3734-L3753" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "025e7be9fcefd6a83f4471bba0c11f1c11bd5047047d26626da24ee9a419cdc4" logic_hash = "v1_sha256_81100a6b0917bd9d6641c1f3db32353d1fe02b34feb5136c3f316f5deaa32f7d" score = 40 
@@ -270562,8 +270562,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_9724 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3756-L3778" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3756-L3778" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9724488ca2ba4c787640c49131f4d1daae5bd47d6b2e7e5f9e8918b1d6f655be" hash = "a66d2fb7ef7350ea74d4290c57fb62bc59c6ea93f759d4ca93c3febca7aeb512" hash = "e77786b21dbe73e9619ac9aac5e7e92989333d559aa22b4b65c97f0a42ff2e21" @@ -270595,8 +270595,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_7133 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3781-L3800" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3781-L3800" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7133a461aeb03b4d69d43f3d26cd1a9e3ee01694e97a0645a3d8aa1a44c39129" logic_hash = "v1_sha256_7abc5f0325fa8552b38499b061dd10f6a4cdb56ba1071446ce6ca91e42b8c9f7" score = 40 
@@ -270625,8 +270625,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Lgelectronicsinc_Lhasys_Microsoftwindowsoperatin date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3803-L3823" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3803-L3823" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "23ba19352b1e71a965260bf4d5120f0200709ee8657ed381043bec9a938a1ade" hash = "e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf" logic_hash = "v1_sha256_fcc57907a8653acc1175b486f719f029ba3c982dbc73ab0cd878f08b2fcb0aad" @@ -270656,8 +270656,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elitegroupcomputersystems_Ecsiodriversys_Ecsiodr date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3826-L3845" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3826-L3845" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "270547552060c6f4f5b2ebd57a636d5e71d5f8a9d4305c2b0fe5db0aa2f389cc" logic_hash = "v1_sha256_899c58fe4793270c3e314e2c3f04c1341b6fefedba37d53200e5477f1108a5cf" score = 40 
@@ -270686,8 +270686,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_8D33 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3848-L3868" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3848-L3868" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8d3347c93dff62eecdde22ccc6ba3ce8c0446874738488527ea76d0645341409" hash = "31ffc8218a52c3276bece1e5bac7fcb638dca0bc95c2d385511958abdbe4e4a5" logic_hash = "v1_sha256_9868c2b401562623484d7bc00700332a754380b25b05cb95f38a8b242e7f59fa" 
@@ -270717,8 +270717,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Computerzsys_Ludashisystemdriver_C586 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3871-L3891" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3871-L3891" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c586befc3fd561fcbf1cf706214ae2adaa43ce9ba760efd548d581f60deafc65" hash = "dda2a604bb94a274e23f0005f0aa330d45ca1ea25111746fb46fa5ef6d155b1d" logic_hash = "v1_sha256_761661cb4ab100aad58ca83f20dd3eb25173bb6c987a7643ca93b91e90f25409" @@ -270748,8 +270748,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Logmeininc_Lmiinfosys_Logmein_453B : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3894-L3913" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3894-L3913" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "453be8f63cc6b116e2049659e081d896491cf1a426e3d5f029f98146a3f44233" logic_hash = "v1_sha256_1940aec392f250b22b8480d7b75f0c1a21c7bad13c0e83a4eb6065b3d045e4cd" score = 40 
@@ -270778,8 +270778,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_76AF : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3916-L3935" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3916-L3935" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "76af3f9fa111d694e37058606f2636430bdd378c85b94f426fbfcd6666ebe6cc" logic_hash = "v1_sha256_d4031de065552af6807677430ee6aa17fb754052f6fdeb147db0105bd235acd8" score = 40 @@ -270808,8 +270808,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_1284 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3938-L3957" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3938-L3957" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1284a1462a5270833ec7719f768cdb381e7d0a9c475041f9f3c74fa8eea83590" logic_hash = "v1_sha256_2453f457e43fd2dade465a33189f8ae41ca5ebd16d9a9c42d8edaf22ca990916" score = 40 
@@ -270838,8 +270838,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Rweverything_Asrsetupdrvsys_Asrsetupdrvdriver_9D date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3960-L3980" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3960-L3980" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3" hash = "a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f" logic_hash = "v1_sha256_875be865b5c6a924c48aada4c97ae39552a9944d9efb4e419dd754ce3f7ec217" 
@@ -270869,8 +270869,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Insydesoftwarecorp_Segwindrvxsys_Segwindowsdrive date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L3983-L4004" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L3983-L4004" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c628cda1ef43defc00af45b79949675a8422490d32b080b3a8bb9434242bdbf2" hash = "7164aaff86b3b7c588fc7ae7839cc09c5c8c6ae29d1aff5325adaf5bedd7c9f5" hash = "0d30c6c4fa0216d0637b4049142bc275814fd674859373bd4af520ce173a1c75" @@ -270901,8 +270901,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmelsys_Trendmicroearlylaunchantim date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4007-L4026" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4007-L4026" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d0eb3ba0aff471d19260192784bf9f056d669b779b6eaff84e732b7124ce1d11" logic_hash = "v1_sha256_434964576b56367bc1ef4a198b6d6315c00c3fea0af9f1e0f08da6b7bd2cd0d1" score = 40 
@@ -270931,8 +270931,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Getactechnologycorporation_Mtcbsvsys_Getacsystem date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4029-L4049" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4029-L4049" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "edbb23e74562e98b849e5d0eefde3af056ec6e272802a04b61bebd12395754e5" hash = "4b465faf013929edf2f605c8cd1ac7a278ddc9a536c4c34096965e6852cbfb51" logic_hash = "v1_sha256_0a729463c077e67113c7aeb1347b6ff2374fa8e4e5524b05c0a5ed2194b605b6" @@ -270962,8 +270962,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_2FBB : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4052-L4071" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4052-L4071" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2fbbc276737047cb9b3ba5396756d28c1737342d89dce1b64c23a9c4513ae445" logic_hash = "v1_sha256_b25969777810ff75d8cc35ae042a58e35f268c09aaa6f7fd6e10b1a1741898b4" score = 40 
@@ -270992,8 +270992,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4074-L4093" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4074-L4093" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "bced04bdefad6a08c763265d6993f07aa2feb57d33ed057f162a947cf0e6668f" logic_hash = "v1_sha256_21a234179b5f2ae97262100f990587238339777bf919f8a9f04e84e64c77fb1d" score = 40 @@ -271022,8 +271022,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiowxsys_Realtekiodriver_082C : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4096-L4115" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4096-L4115" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "082c39fe2e3217004206535e271ebd45c11eb072efde4cc9885b25ba5c39f91d" logic_hash = "v1_sha256_805a4da51dd1a85c46b830b747ed15f5cfb7539b42fd598987d3cd879d93cc97" score = 40 
@@ -271052,8 +271052,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_1493 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4118-L4141" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4118-L4141" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "14938f68957ede6e2b742a550042119a8fbc9f14427fb89fa53fff12d243561c" hash = "28999af32b55ddb7dcfc26376a244aa2fe297233ce7abe4919a1aef2f7e2cee7" hash = "41eeeb0472c7e9c3a7146a2133341cd74dd3f8b5064c9dee2c70e5daa060954f" @@ -271086,8 +271086,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Powertool_Kevpsys_Powertool_7C0F : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4144-L4171" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4144-L4171" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7c0f77d103015fc29379ba75d133dc3450d557b0ba1f7495c6b43447abdae230" hash = "d9500af86bf129d06b47bcfbc4b23fcc724cfbd2af58b03cdb13b26f8f50d65e" hash = "2a4f4400402cdc475d39389645ca825bb0e775c3ecb7c527e30c5be44e24af7d" 
@@ -271124,8 +271124,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_D1F4 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4174-L4193" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4174-L4193" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d1f4949f76d8ac9f2fa844d16b1b45fb1375d149d46e414e4a4c9424dc66c91f" logic_hash = "v1_sha256_8152947116f7cb31e716db449c855255c30f5034d065e8287cf480157274ba9b" score = 40 @@ -271154,8 +271154,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_BC45 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4196-L4216" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4196-L4216" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "bc453d428fc224960fa8cbbaf90c86ce9b4c8c30916ad56e525ab19b6516424e" hash = "182bbdb9ecd3932e0f0c986b779c2b2b3997a7ca9375caa2ec59b4b08f4e9714" logic_hash = "v1_sha256_283d6d71ba7ace25c248949d232d2ce0c86fa87115304b8d6c07e7564e6757a3" 
@@ -271185,8 +271185,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_7CB4 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4219-L4238" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4219-L4238" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7cb497abc44aad09a38160d6a071db499e05ff5871802ccc45d565d242026ee7" logic_hash = "v1_sha256_bec5e91150c9c0760c91f8a2b4b83867af030ede236c8596c3558e0f8fca1004" score = 40 @@ -271215,8 +271215,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Safenetinc_Hostnt_Hostnt_07B6 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4241-L4260" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4241-L4260" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "07b6d69bafcfd767f1b63a490a8843c3bb1f8e1bbea56176109b5743c8f7d357" logic_hash = "v1_sha256_b07f335b6941ef2095903cb8841358bff6b09518a96512d69fdf90bf328888e7" score = 40 
@@ -271245,8 +271245,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Rivetnetworksllc_Kfecodrvsys_Killertrafficcontro date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4263-L4282" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4263-L4282" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9a91d6e83b8fdec536580f6617f10dfc64eedf14ead29a6a644eb154426622ba" logic_hash = "v1_sha256_29ba3734f177a3ca166a3c02d066da4b9e4cbd146724f037ac82e3ced1d7951e" score = 40 @@ -271275,8 +271275,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4285-L4304" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4285-L4304" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "848b150ffcf1301b26634a41f28deacb5ccdd3117d79b590d515ed49849b8891" logic_hash = "v1_sha256_e56d5221962e4fe353c0e37cc3bbebf68d785d86f49269d7e6d935ef6cff6f38" score = 40 
@@ -271305,8 +271305,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_7CB5 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4307-L4324" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4307-L4324" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7cb594af6a3655daebc9fad9c8abf2417b00ba31dcd118707824e5316fc0cc21" logic_hash = "v1_sha256_df3e79bf8db29cb712ac4fe3670954a0793d7d839f3368ad52e5f826afd18b7f" score = 40 @@ -271333,8 +271333,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asrockincorporation_Asrautochkupddrvsys_Asrautoc date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4327-L4346" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4327-L4346" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2aa1b08f47fbb1e2bd2e4a492f5d616968e703e1359a921f62b38b8e4662f0c4" logic_hash = "v1_sha256_87c0e6a3d0ff8f88e8f190c6b643adde45dc7d4c2aa73b79ba0f38a13bd86f1c" score = 40 
@@ -271363,8 +271363,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_97B3 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4349-L4369" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4349-L4369" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "97b32ddf83f75637e3ba934df117081dd6a1c57d47a4c9700d35e736da11d5bd" hash = "89108a15f009b285db4ef94250b889d5b11b96b4aa7b190784a6d1396e893e10" logic_hash = "v1_sha256_800b43309abd2921378c28cace1ccfb2f7d3420c0f7059c9cbd7422095cbba43" @@ -271394,8 +271394,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_0EAB : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4372-L4391" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4372-L4391" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0eab16c7f54b61620277977f8c332737081a46bc6bbde50742b6904bdd54f502" logic_hash = "v1_sha256_a4b1e73c5706e29fc31722f82bdf03c705a03821feb22da48c8c5d0d0f7f2dbb" score = 40 
@@ -271424,8 +271424,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_8EF5 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4394-L4413" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4394-L4413" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8ef59605ebb2cb259f19aba1a8c122629c224c58e603f270eaa72f516277620c" logic_hash = "v1_sha256_d0b94553fb03576dea69fd13042db119825009c0a90ba111560102fed8bb3154" score = 40 @@ -271454,8 +271454,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_1F15 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4416-L4435" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4416-L4435" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1f15fd9b81092a98fabcc4ac95e45cec2d9ff3874d2e3faac482f3e86edad441" logic_hash = "v1_sha256_5eebc2d90e6d17134c100e4f04271f4e1f6546a6c74ef4737e60ec76d4fa8227" score = 40 
@@ -271484,8 +271484,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Insydesoftwarecorp_Segwindrvxsys_Segwindowsdrive date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4438-L4457" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4438-L4457" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0452a6e8f00bae0b79335c1799a26b2b77d603451f2e6cc3b137ad91996d4dec" logic_hash = "v1_sha256_3e5eddf984eb85a304bd19a444238850dc2d153f8e59bb215a08f781efc270c6" score = 40 @@ -271514,8 +271514,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_818E : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4460-L4479" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4460-L4479" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "818e396595d08d724666803cd29dac566dc7db23bf50e9919d04b33afa988c01" logic_hash = "v1_sha256_de48cb605c339f13f94451361531ea2661d79311aacbb87878b24866766b6e3f" score = 40 
@@ -271544,8 +271544,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_6FFD : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4482-L4501" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4482-L4501" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6ffdde6bc6784c13c601442e47157062941c47015891e7139c2aaba676ab59cc" logic_hash = "v1_sha256_f8d629b1c9b785204c61c95ac83dc7516db14aa8abd68dc8cb5250d53408f20d" score = 40 @@ -271574,8 +271574,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_7710 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4504-L4528" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4504-L4528" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "771015b2620942919bb2e0683476635b7a09db55216d6fbf03534cb18513b20c" hash = "8d57e416ea4bb855b78a2ff3c80de1dfbb5dc5ee9bfbdddb23e46bd8619287e2" hash = "6c5c6c350c8dd4ca90a8cca0ed1eeca185ebc67b1100935c8f03eb3032aca388" 
@@ -271609,8 +271609,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_AD8F : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4531-L4551" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4531-L4551" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ad8fd8300ed375e22463cea8767f68857d9a3b0ff8585fbeb60acef89bf4a7d7" hash = "0507d893e3fd2917c81c1dc13ccb22ae5402ab6ca9fb8d89485010838050d08d" logic_hash = "v1_sha256_2cbeb5784c1f074b8d76d8f884e7529b8c137ff6b9df0320db677927766fcc70" 
@@ -271640,8 +271640,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_71C0 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4554-L4578" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4554-L4578" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "71c0ce3d33352ba6a0fb26e274d0fa87dc756d2473e104e0f5a7d57fab8a5713" hash = "13ae3081393f8100cc491ebb88ba58f0491b3550787cf3fd25a73aa7ca0290d9" hash = "8781589c77df2330a0085866a455d3ef64e4771eb574a211849784fdfa765040" @@ -271675,8 +271675,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrserverddkprovider_Speedfansys_Windowsrse date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4581-L4600" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4581-L4600" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c" logic_hash = "v1_sha256_ce5fb5f559f97130403f8f4c22a2f223892ba46b1df9fd6a99624e879a3fcea3" score = 40 
@@ -271705,8 +271705,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Openlibsysorg_Openlibsyssys_Openlibsys_9131 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4603-L4622" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4603-L4622" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "91314768da140999e682d2a290d48b78bb25a35525ea12c1b1f9634d14602b2c" logic_hash = "v1_sha256_e61f4452ecae438072b37ae00ca67401541db0e8f6d5b0f1d697190fdff16d23" score = 40 @@ -271735,8 +271735,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_E4EC : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4625-L4644" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4625-L4644" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e4eca7db365929ff7c5c785e2eab04ef8ec67ea9edcf7392f2b74eccd9449148" logic_hash = "v1_sha256_08fa3c764599e1f0cb4e76b38b9d577a2fd70fb3f6f3e8e70eea65f0cf16d93a" score = 40 
@@ -271765,8 +271765,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Atsziosys_Atsziodriver_FB6B : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4647-L4666" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4647-L4666" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "fb6b0d304433bf88cc7d57728683dbb4b9833459dc33528918ead09b3907ff22" logic_hash = "v1_sha256_f62cc8ddd443bf196d36d5a3a2724aff4858fcc78abcdbb3cf7362228fde7a7b" score = 40 @@ -271795,8 +271795,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4669-L4689" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4669-L4689" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "075de997497262a9d105afeadaaefc6348b25ce0e0126505c24aa9396c251e85" hash = "cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc" logic_hash = "v1_sha256_467c47d2a64332dc3b94a3b55655f0e0c4f10b19e8724718b8f2ccf97ffe6446" 
@@ -271826,8 +271826,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Micsystechnologycoltd_Msiosys_Msiodriverversion_ date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4692-L4713" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4692-L4713" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ae42afa9be9aa6f6a5ae09fa9c05cd2dfb7861dc72d4fd8e0130e5843756c471" hash = "d636c011b8b2896572f5de260eb997182cc6955449b044a739bd19cbe6fdabd2" hash = "0f035948848432bc243704041739e49b528f35c82a5be922d9e3b8a4c44398ff" @@ -271858,8 +271858,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Vektortsecurityservice_Vboxdrv_Antidetectpublic_ date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4716-L4735" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4716-L4735" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3724b39e97936bb20ada51c6119aded04530ed86f6b8d6b45fbfb2f3b9a4114b" logic_hash = "v1_sha256_6c2a12c5866686cde0e621bd35b73079d7d37d5b5d4b42bb962435a73682c32b" score = 40 
@@ -271888,8 +271888,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_2380 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4738-L4757" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4738-L4757" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "238046cfe126a1f8ab96d8b62f6aa5ec97bab830e2bae5b1b6ab2d31894c79e4" logic_hash = "v1_sha256_7ac9c6ae541d6689a986d884e96f2f024a18736a59b02a1103e44538d725bb52" score = 40 @@ -271918,8 +271918,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4760-L4780" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4760-L4780" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d7c90cf3fdbbd2f40fe6a39ad0bb2a9a97a0416354ea84db3aeff6d925d14df8" hash = "64a8e00570c68574b091ebdd5734b87f544fa59b75a4377966c661d0475d69a5" logic_hash = "v1_sha256_1e5669c7c79c027bdef5dbd135b35ea4e9af8c164b6b8f027490e2fa49ebf904" 
@@ -271949,8 +271949,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_A97B : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4783-L4803" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4783-L4803" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a97b404aae301048e0600693457c3320d33f395e9312938831bc5a0e808f2e67" hash = "47c490cc83a17ff36a1a92e08d63e76edffba49c9577865315a6c9be6ba80a7d" logic_hash = "v1_sha256_1b7961c9c0e0812fa68f330f45ba1834a246f3571e9086280b03c155865746e9" 
@@ -271980,8 +271980,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibxsys_Ntiolibx_1E8B : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4806-L4826" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4806-L4826" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1e8b0c1966e566a523d652e00f7727d8b0663f1dfdce3b9a09b9adfaef48d8ee" hash = "5d530e111400785d183057113d70623e17af32931668ab7c7fc826f0fd4f91a3" logic_hash = "v1_sha256_673d993f0ad7800551cfc11d73a38aa37b306902f2d28db4d5ec5f33bc51f21f" 
@@ -272011,8 +272011,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Featureintegrationtechnologyinc_Fintekpciecom_81 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4829-L4848" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4829-L4848" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "81fbc9d02ef9e05602ea9c0804d423043d0ea5a06393c7ece3be03459f76a41d" hash = "ebf0e56a1941e3a6583aab4a735f1b04d4750228c18666925945ed9d7c9007e1" logic_hash = "v1_sha256_24ae9365e55b29c55f83f944154f8fd4643c733f33cfb6542e9159b52acdb9c3" 
@@ -272041,8 +272041,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4851-L4872" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4851-L4872" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6bfc0f425de9f4e7480aa2d1f2e08892d0553ed0df1c31e9bf3d8d702f38fa2e" hash = "3c7e5b25a33a7805c999d318a9523fcae46695a89f55bbdb8bb9087360323dfc" hash = "46621554728bc55438c7c241137af401250f062edef6e7efecf1a6f0f6d0c1f7" @@ -272073,8 +272073,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4875-L4894" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4875-L4894" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7a48f92a9c2d95a72e18055cac28c1e7e6cad5f47aa735cbea5c3b82813ccfaf" logic_hash = "v1_sha256_3827cad3f54342cba5e6cfc98b2e30522feb79ea8917d882b95dcc66863e389d" score = 40 
@@ -272103,8 +272103,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_45F4 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4897-L4913" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4897-L4913" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "45f42c5d874369d6be270ea27a5511efcca512aeac7977f83a51b7c4dee6b5ef" logic_hash = "v1_sha256_539d1795ae819c2705e77cb41ec4248c7239ffa8cd805addbb9e5da5e98a83e2" score = 40 @@ -272130,8 +272130,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_4D05 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4916-L4942" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4916-L4942" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4d0580c20c1ba74cf90d44c82d040f0039542eea96e4bbff3996e6760f457cee" hash = "77c5e95b872b1d815d6d3ed28b399ca39f3427eeb0143f49982120ff732285a9" hash = "cff9aa9046bdfd781d34f607d901a431a51bb7e5f48f4f681cc743b2cdedc98c" 
@@ -272167,8 +272167,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_86A1 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4945-L4964" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4945-L4964" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "86a1b1bacc0c51332c9979e6aad84b5fba335df6b9a096ccb7681ab0779a8882" logic_hash = "v1_sha256_ed28688de49b089def60861ffe53f4e3a7f714b255035fdb19122375c83ebac2" score = 40 @@ -272197,8 +272197,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_61BE : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4967-L4986" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4967-L4986" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "61befeef14783eb0fed679fca179d2f5c33eb2dcbd40980669ca2ebeb3bf11cf" logic_hash = "v1_sha256_70969db52d4e88e1662902634e0cb21c44ab694928e15e4bdaa9a1b2604146dd" score = 40 
@@ -272227,8 +272227,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrserverddkprovider_Gdrvsys_Windowsrserver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L4989-L5011" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L4989-L5011" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "88992ddcb9aaedb8bfcc9b4354138d1f7b0d7dddb9e7fcc28590f27824bee5c3" hash = "31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427" hash = "6f1fc8287dd8d724972d7a165683f2b2ad6837e16f09fe292714e8e38ecd1e38" @@ -272260,8 +272260,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Filseclabcorporation_Fildds_Filseclabdynamicdefe date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5014-L5033" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5014-L5033" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f8c07b6e2066a5a22a92d9f521ecdeb8c68698c400e4b83e0501b9f340957c22" logic_hash = "v1_sha256_5eb7f097384c0e4b418611a37d6a03dc7a6ff21814716489bf35e0bd43f390cf" score = 40 
@@ -272290,8 +272290,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_BE8D : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5036-L5055" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5036-L5055" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "be8dd2d39a527649e34dc77ef8bc07193a4234b38597b8f51e519dadc5479ec2" logic_hash = "v1_sha256_98be6af9aa551ba153413f75d4038b2840181418e0b8eba2cfcac2aa29a4460e" score = 40 @@ -272320,8 +272320,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_3E85 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5058-L5077" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5058-L5077" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3e85cf32562a47d51827b21ab1e7f8c26c0dbd1cd86272f3cc64caae61a7e5fb" logic_hash = "v1_sha256_23d11200a9d5ad71d8578e3ec3ac40ad6f7d9971177aa59a1ea6bac3de4f0b04" score = 40 
@@ -272350,8 +272350,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_3070 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5080-L5099" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5080-L5099" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "30706f110725199e338e9cc1c940d9a644d19a14f0eb8847712cba4cacda67ab" logic_hash = "v1_sha256_05e9f35f83489d262ffece0c406eebf1b81514ea60278415fbc53adc0bc365fb" score = 40 @@ -272380,8 +272380,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_CC58 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5102-L5121" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5102-L5121" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "cc586254e9e89e88334adee44e332166119307e79c2f18f6c2ab90ce8ba7fc9b" logic_hash = "v1_sha256_8eb46633cce7959cfefbc65ede889c748a077cddc59fb79d87b54ddcd42ca524" score = 40 
@@ -272410,8 +272410,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrcodenamelonghornddkprovider_Rtkiosys_Win date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5124-L5145" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5124-L5145" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "916c535957a3b8cbf3336b63b2260ea4055163a9e6b214f2a7005d6d36a4a677" hash = "caa85c44eb511377ea7426ff10df00a701c07ffb384eef8287636a4bca0b53ab" hash = "478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82" @@ -272442,8 +272442,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nmscommunications_Cgkwinksys_Ctaccess_223F : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5148-L5167" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5148-L5167" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "223f61c3f443c5047d1aeb905b0551005a426f084b7a50384905e7e4ecb761a1" logic_hash = "v1_sha256_2ec82ad1a839ff65d3e8288ed161650bd678f8a201bb513bd869d1e9bcfb2a65" score = 40 
@@ -272472,8 +272472,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_E4D9 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5170-L5189" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5170-L5189" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e4d9f037411284e996a002b15b49bc227d085ee869ae1cd91ba54ff7c244f036" logic_hash = "v1_sha256_e17c01d291e60fff225ee60e296450ab2d4a293084dc4c07de7347f55566d7ee" score = 40 @@ -272502,8 +272502,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Insydesoftwarecorp_Segwindrvxsys_Segwindowsdrive date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5192-L5211" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5192-L5211" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "b9ae1d53a464bc9bb86782ab6c55e2da8804c80a361139a82a6c8eef30fddd7c" logic_hash = "v1_sha256_dac574b12f72b99fe66500edb6447802f95ad8d6c787ddbea69b36a1c0dfdab7" score = 40 
@@ -272532,8 +272532,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Cupfixerxsys_Windowsrwind date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5214-L5233" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5214-L5233" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8c748ae5dcc10614cc134064c99367d28f3131d1f1dda0c9c29e99279dc1bdd9" logic_hash = "v1_sha256_d0eb0738da64ce1a94278a422e829f01d1514ac4536fc2187aa5f4112b70f6e0" score = 40 @@ -272562,8 +272562,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevicesinc_Pdfwkrnlsys_Usbcpowerdel date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5236-L5256" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5236-L5256" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0cf84400c09582ee2911a5b1582332c992d1cd29fcf811cb1dc00fcd61757db0" hash = "f190919f1668652249fa23d8c0455acbde9d344089fde96566239b1a18b91da2" logic_hash = "v1_sha256_6497a69a7fd7502a78ec6d373a2b0bdc1da73bca4590a256f7094463e0f0b363" 
@@ -272593,8 +272593,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Eiosys_Asusvgakernelmodedrive date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5259-L5278" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5259-L5278" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "b17507a3246020fa0052a172485d7b3567e0161747927f2edf27c40e310852e0" logic_hash = "v1_sha256_bfcaa037bc06303a0de6a0372cd9dd49bd9801610989df46ca19fd844b22560e" score = 40 @@ -272623,8 +272623,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5281-L5300" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5281-L5300" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4d777a9e2c61e8b55b3c34c5265b301454bb080abe7ffb373e7800bd6a498f8d" logic_hash = "v1_sha256_bed34d3bcb856628a688bb189f5bc1a0adf2384698ac28196fc5313e57387a1e" score = 40 
@@ -272653,8 +272653,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_2AFD : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5303-L5322" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5303-L5322" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2afdb3278a7b57466a103024aef9ff7f41c73a19bab843a8ebf3d3c4d4e82b30" logic_hash = "v1_sha256_a687639311529ca919f90d478ddbb39e441ce24a58be056af7a7108db3f11f25" score = 40 @@ -272683,8 +272683,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_00D9 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5325-L5344" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5325-L5344" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "00d9781d0823ab49505ef9c877aa6fa674e19ecc8b02c39ee2728f298bc92b03" logic_hash = "v1_sha256_dd1b181f975ada1e7d1def32be88e41df2f994c698e794dc0fade119b0eabf2d" score = 40 
@@ -272713,8 +272713,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5347-L5366" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5347-L5366" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c35cab244bd88bf0b1e7fc89c587d82763f66cf1108084713f867f72cc6f3633" logic_hash = "v1_sha256_f9010e0f70eb1c94a1e41e5999623f5eeb6aff155c36cb7b17c196eb363a62c4" score = 40 @@ -272743,8 +272743,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Iomapsys_Asuskernelmodedriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5369-L5388" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5369-L5388" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ea85bbe63d6f66f7efee7007e770af820d57f914c7f179c5fee3ef2845f19c41" logic_hash = "v1_sha256_f9ffedd3761c0cf68d5f862ceb8e22a61a5da73e757cf92317085b714656e139" score = 40 
@@ -272773,8 +272773,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_E05E : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5391-L5410" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5391-L5410" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53" logic_hash = "v1_sha256_94ee30a5cbd1ff47cddf35ec2205d9008857e87c457dce025501132231a146e4" score = 40 @@ -272803,8 +272803,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5413-L5432" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5413-L5432" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e4522e2cfa0b1f5d258a3cf85b87681d6969e0572f668024c465d635c236b5d9" logic_hash = "v1_sha256_0a35b3e88bb078e61c2769267fdba624d171492b0e4d1c57ecf7ea770fa2f44d" score = 40 
@@ -272833,8 +272833,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Marvintestsolutionsinc_Hwsys_Hw_5596 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5435-L5455" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5435-L5455" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "55963284bbd5a3297f39f12f0d8a01ed99fe59d008561e3537bcd4db4b4268fa" hash = "4880f40f2e557cff38100620b9aa1a3a753cb693af16cd3d95841583edcb57a8" logic_hash = "v1_sha256_fcfc255a20b512b38057022c05a694e757b08950d6d35b3c361b0559da51a689" @@ -272864,8 +272864,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Getactechnologycorporation_Mtcbsvsys_Getacsystem date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5458-L5477" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5458-L5477" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e6023b8fd2ce4ad2f3005a53aa160772e43fe58da8e467bd05ab71f3335fb822" logic_hash = "v1_sha256_6e220e39e765c6af5d2e80cce4a4a07b587ccd559e0cb455d56046cf4c2ff447" score = 40 
@@ -272894,8 +272894,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Genitlkiwibenjaminxxxxx_Titidrv_Titidrvtiticatz_ date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5480-L5499" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5480-L5499" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "208ea38734979aa2c86332eba1ea5269999227077ff110ac0a0d411073165f85" logic_hash = "v1_sha256_c1a57d6f66fd8818dd72813a3bac78eab44b2b546f65a78864739cb55a258d39" score = 40 @@ -272924,8 +272924,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevicesinc_Pdfwkrnlsys_Usbcpowerdel date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5502-L5521" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5502-L5521" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5df689a62003d26df4aefbaed41ec1205abbf3a2e18e1f1d51b97711e8fcdf00" logic_hash = "v1_sha256_b560682fe9ed95a19df7dcc6ea823545d2303a51aaa06dc14e48c73f2e6fe8b7" score = 40 
@@ -272954,8 +272954,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_B9AD : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5524-L5543" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5524-L5543" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "b9ad7199c00d477ebbc15f2dcf78a6ba60c2670dad0ef0994cebccb19111f890" logic_hash = "v1_sha256_c8efd23f9fb60831cede71737c5d1e62d94f3b44a2b3da7f29db06ca4599821d" score = 40 @@ -272984,8 +272984,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_348D : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5546-L5566" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5546-L5566" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "348dc502ac57d7362c7f222e656c52e630c90bef92217a3bd20e49193b5a69f1" hash = "c186967cc4f2a0cb853c9796d3ea416d233e48e735f02b1bb013967964e89778" logic_hash = "v1_sha256_435219f0b49a009eb42ffa096c4acefc48f85d03a8656d5142df20deee19cf08" 
@@ -273015,8 +273015,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Mydriverscom_Hwm_Drivergenius_08EB : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5569-L5588" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5569-L5588" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "08eb2d2aa25c5f0af4e72a7e0126735536f6c2c05e9c7437282171afe5e322c6" logic_hash = "v1_sha256_2371de5547217734226420bbbee12dee897206bd2419387d2c2fc2ae07df7fec" score = 40 @@ -273045,8 +273045,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_3E27 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5591-L5610" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5591-L5610" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3e274df646f191d2705c0beaa35eeea84808593c3b333809f13632782e27ad75" logic_hash = "v1_sha256_18affdea7f982e47ca4852d9a4a28797a1ca3175c404c8e5c316ee3a610cf858" score = 40 
@@ -273075,8 +273075,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Evgatechnologyinc_Windowsvistasmartiodevice_Wind date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5613-L5632" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5613-L5632" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3c95ebf3f1a87f67d2861dbd1c85dc26c118610af0c9fbf4180428e653ac3e50" logic_hash = "v1_sha256_e0bf6bd64e91baa27e1181223cba6f4975b5b5a9fd9918d4c65180ed584b319b" score = 40 @@ -273105,8 +273105,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_033C : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5635-L5654" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5635-L5654" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "033c4634ab1a43bc3247384864f3380401d3b4006a383312193799dded0de4c7" logic_hash = "v1_sha256_fea547a999db61dd4c87d648d8e0e1a50f9c677439d514cfdd0a75a5a6da4c8f" score = 40 
@@ -273135,8 +273135,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sunmicrosystemsinc_Vboxusbsys_Virtualboxusbdrive date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5657-L5676" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5657-L5676" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5b26c4678ecd37d1829513f41ff9e9df9ef1d1d6fea9e3d477353c90cc915291" logic_hash = "v1_sha256_49554df6ecdbfafbb3cf8f78cdece896830dd842cf1cae1129f11eb69a3588c4" score = 40 @@ -273165,8 +273165,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpot_Avastantivirus_3B6E : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5679-L5698" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5679-L5698" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3b6e85c8fed9e39b21b2eab0b69bc464272b2c92961510c36e2e2df7aa39861b" logic_hash = "v1_sha256_f3736282399849376632ee9392bf679779cecbb76fa7bd8ccaff0b787a3370f5" score = 40 
@@ -273195,8 +273195,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_7C73 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5701-L5721" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5701-L5721" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7c731c0ea7f28671ab7787800db69739ea5cd6be16ea21045b4580cf95cbf73b" hash = "fca10cde7d331b7f614118682d834d46125a65888e97bd9fda2df3f15797166c" logic_hash = "v1_sha256_9e024ac35be2fe02ecaae96f3cfbbae60b4032986f22710809699049456e979c" @@ -273226,8 +273226,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Wistroncorporation_Wirwadrvsys_Wistronrwadriver_ date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5724-L5743" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5724-L5743" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d8fc8e3a1348393c5d7c3a84bcbae383d85a4721a751ad7afac5428e5e579b4e" logic_hash = "v1_sha256_e991957205079fb282f9fb248637d4723c940a7e9ab708e68082e99adbed647c" score = 40 
@@ -273256,8 +273256,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_1A42 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5746-L5765" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5746-L5765" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1a42ebde59e8f63804eaa404f79ee93a16bb33d27fb158c6bfbe6143226899a0" logic_hash = "v1_sha256_bfd4ff6c58d83e8d09d43d75e655993319283d0a41407d20417011d663791fd3" score = 40 @@ -273286,8 +273286,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_F14D : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5768-L5788" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5768-L5788" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f14da8aa5c8eea8df63cf935481d673fdf3847f5701c310abf4023f9d80ad57d" hash = "c6a5663f20e5cee2c92dee43a0f2868fb0af299f842410f4473dcde7abcb6413" logic_hash = "v1_sha256_6d1a98e8b5ab416446cf15cf15a2bad93dfbe9b984b40f5fae523e17e6eb5caa" 
@@ -273317,8 +273317,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_EC5F : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5791-L5810" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5791-L5810" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ec5fac0b6bb267a2bd10fc80c8cca6718439d56e82e053d3ff799ce5f3475db5" logic_hash = "v1_sha256_74fad50be13de00367a5cecb25f7e3feb53f5e8553fac8cd32edc500a91aad88" score = 40 @@ -273347,8 +273347,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5813-L5832" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5813-L5832" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "34e0364a4952d914f23f271d36e11161fb6bb7b64aea22ff965a967825a4a4bf" logic_hash = "v1_sha256_a2f304406595b6cad63dbc83f32f1a35477d022fe5cad1c11ac9746d3775199d" score = 40 
@@ -273377,8 +273377,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_D0BD : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5835-L5854" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5835-L5854" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d0bd1ae72aeb5f3eabf1531a635f990e5eaae7fdd560342f915f723766c80889" logic_hash = "v1_sha256_c285e87a94025916ed6d3fac65761d1ca4bef13102a0a37b256525bf651bd16c" score = 40 @@ -273407,8 +273407,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Atlaccesssys_Windowsrwind date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5857-L5876" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5857-L5876" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0b57569aaa0f4789d9642dd2189b0a82466b80ad32ff35f88127210ed105fe57" logic_hash = "v1_sha256_93d5121da2037ffcc961550b6859bff4257f56b783d7c49e442dc97a3f9257ae" score = 40 
@@ -273437,8 +273437,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5879-L5898" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5879-L5898" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "909f6c4b8f779df01ef91e549679aa4600223ac75bc7f3a3a79a37cee2326e77" logic_hash = "v1_sha256_4e4a093fcdd97298aa6ead7c4412263837a7403f87b4d8f72e6ea27bc6f4d15f" score = 40 @@ -273467,8 +273467,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_3C18 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5901-L5917" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5901-L5917" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3c18ae965fba56d09a65770b4d8da54ccd7801f979d3ebd283397bc99646004b" logic_hash = "v1_sha256_4f958ccb21b5cbd28c25a9c2e1a08fcf00e24bfa9e7814b9e68b87814dd04f4c" score = 40 
@@ -273494,8 +273494,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_2B4C : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5920-L5939" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5920-L5939" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2b4c7d3820fe08400a7791e2556132b902a9bbadc1942de57077ecb9d21bf47a" logic_hash = "v1_sha256_3db68ef927d373e7774d52bbf1dccfa2960b4bb1b42a32a181ad9e1f00458f23" score = 40 @@ -273524,8 +273524,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Innotekgmbh_Iprt_Virtualboxguestadditions_BBF5 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5942-L5961" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5942-L5961" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "bbf564a02784d53b8006333406807c3539ee4a594585b1f3713325904cb730ec" logic_hash = "v1_sha256_7f5480d84195854bdc5c7554495e0ecd9b69b9c527152def1e85fd61084fd22d" score = 40 
@@ -273554,8 +273554,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tenasyscorporation_Rtifsys_Intime_9399 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5964-L5984" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5964-L5984" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9399f35b90f09b41f9eeda55c8e37f6d1cb22de6e224e54567d1f0865a718727" hash = "a66b4420fa1df81a517e2bbea1a414b57721c67a4aa1df1967894f77e81d036e" logic_hash = "v1_sha256_92139b7123c13dc80c1671b92ad6d1c6d6f4d02e1a3bc07e95cac27c7d43df66" @@ -273585,8 +273585,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Dtresearchinc_Iomemsys_Iomemsys_3D23 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L5987-L6006" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L5987-L6006" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3d23bdbaf9905259d858df5bf991eb23d2dc9f4ecda7f9f77839691acef1b8c4" logic_hash = "v1_sha256_4f494f3f2367bbc5751a09b79775ea61f62986b82375c8c98bf6a77203174be1" score = 40 
@@ -273615,8 +273615,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_496F : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6009-L6028" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6009-L6028" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "496f4a4021226fb0f1b5f71a7634c84114c29faa308746a12c2414adb6b2a40b" logic_hash = "v1_sha256_405e7a16f8290d1d5462227ccf7d42e137bc98f084c9d5763b000d101e615c6a" score = 40 @@ -273645,8 +273645,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6031-L6051" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6031-L6051" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1b00d6e5d40b1b84ca63da0e99246574cdd2a533122bc83746f06c0d66e63a6e" hash = "51e91dd108d974ae809e5fc23f6fbd16e13f672f86aa594dae4a5c4bc629b0b5" logic_hash = "v1_sha256_191ef735b2fa7cf3c1e0ae1a28e7996580ed2094d214f2ce7b42d856b119eb5e" 
@@ -273676,8 +273676,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Multitheftauto_Mtasanandreas_9F4C : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6054-L6071" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6054-L6071" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9f4ce6ab5e8d44f355426d9a6ab79833709f39b300733b5b251a0766e895e0e5" logic_hash = "v1_sha256_b8c423a00732d4e0fb4c45c64a6794a466e604feb9d455bc110cf5169f95ab55" score = 40 @@ -273704,8 +273704,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_2732 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6074-L6093" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6074-L6093" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2732050a7d836ae0bdc5c0aea4cdf8ce205618c3e7f613b8139c176e86476d0c" logic_hash = "v1_sha256_17723afb429fe90b2e49d61676c6564ce94547b55be45ea6a66cf8d2edcdc49b" score = 40 
@@ -273734,8 +273734,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_A153 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6096-L6116" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6096-L6116" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a15325e9e6b8e4192291deb56c20c558dde3f96eb682c6e90952844edb984a00" hash = "e728b259113d772b4e96466ab8fe18980f37c36f187b286361c852bd88101717" hash = "4c859b3d11d2ff0049b644a19f3a316a8ca1a4995aa9c39991a7bde8d4f426a4" 
@@ -273765,8 +273765,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_3F36 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6119-L6139" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6119-L6139" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3f3684a37b2645fa6827943d9812ffc2d83e89e962935b29874bec7c3714a06f" hash = "37d999df20c1a0b8ffaef9484c213a97b9987ed308b4ba07316a6013fbd31c60" logic_hash = "v1_sha256_c82730df0e7b53c67478f3fa01728841eb3794354c3233b87fe342e652fadb2e" @@ -273796,8 +273796,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_7702 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6142-L6161" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6142-L6161" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7702f240800528d8186e3e6a26e2680486fed65a6fb5a2a000ad12c1fb61a398" logic_hash = "v1_sha256_c2f1170c6fc0353b99f0c0487937d05cba9a79c3b70eafa1895999074c6c4972" score = 40 
@@ -273826,8 +273826,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_EF6D : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6164-L6183" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6164-L6183" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ef6d3c00f9d0aa31a218094480299ef73fc85146adf62fd0c2f4f88972c5c850" logic_hash = "v1_sha256_aff0eae9976189fe89534f7c3f1a35f093627f71d2c65aa446da85185f972bea" score = 40 @@ -273856,8 +273856,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Microfocus_Microfocusxtier_95D5 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6186-L6204" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6186-L6204" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3" logic_hash = "v1_sha256_070ce1aff2ca552a049602c694e77bd89caa4f6712d86671e21745d9d88f3bc3" score = 40 
@@ -273885,8 +273885,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Z_Computerzsys_Zwuqisystemdriver_61E7 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6207-L6226" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6207-L6226" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "61e7f9a91ef25529d85b22c39e830078b96f40b94d00756595dded9d1a8f6629" logic_hash = "v1_sha256_891a11f7f82c6aaa05801bdf0fd82d9786ec1e35c6d699119a801d5cc8e1fe24" score = 40 @@ -273915,8 +273915,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_8DCE : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6229-L6248" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6229-L6248" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8dcec67a1f4903981c3e0ab938784c2f241e041e26748e1c22059e0e507cfb37" logic_hash = "v1_sha256_4900c684a248338e686b0da0288fe2937cf5d0f5e453419b6f8091c2fc7fc061" score = 40 
@@ -273945,8 +273945,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_E3EF : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6251-L6270" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6251-L6270" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e3eff841ea0f2786e5e0fed2744c0829719ad711fc9258eeaf81ed65a52a8918" logic_hash = "v1_sha256_50c225f42f3b7ac785d01cc9ad5542ac2e12d26e707d0ed5b8c5415d981479bc" score = 40 @@ -273975,8 +273975,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Arthurliberman_Alsysiosys_Alsysio_7F37 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6273-L6292" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6273-L6292" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7f375639a0df7fe51e5518cf87c3f513c55bc117db47d28da8c615642eb18bfa" logic_hash = "v1_sha256_5e796e1ebc587faf2f8255e6229fe4f97f781fd66100398561703320d34728c1" score = 40 
@@ -274005,8 +274005,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Panyazilimbilisimteknolojileriticltdsti_Paniosys date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6295-L6314" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6295-L6314" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f596e64f4c5d7c37a00493728d8756b243cfdc11e3372d6d6dfeffc13c9ab960" logic_hash = "v1_sha256_5694c7f1a74ffd5cdaa143bc563939589305450c3ee24c758fb7379b79f73764" score = 40 @@ -274035,8 +274035,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_6C5A : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6317-L6336" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6317-L6336" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6c5aef14613b8471f5f4fdeb9f25b5907c2335a4bc18b3c2266fb1ffd8f1741d" hash = "ec1307356828426d60eab78ffb5fc48a06a389dea6e7cc13621f1fa82858a613" logic_hash = "v1_sha256_02155af4ab432fbbec1bf582fa8161eb2e39c258bb0f67fcc7054d2f3c8a46be" 
@@ -274065,8 +274065,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpot_Avastantivirus_1768 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6339-L6358" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6339-L6358" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "17687cba00ec2c9036dd3cb5430aa1f4851e64990dafb4c8f06d88de5283d6ca" logic_hash = "v1_sha256_5fb10d691fda963001b9a3c07b22db5e63beef984f26bc7d31ad98a1524ce5ff" score = 40 @@ -274095,8 +274095,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_3913 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6361-L6382" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6361-L6382" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "39134750f909987f6ebb46cf37519bb80707be0ca2017f3735018bac795a3f8d" hash = "a34e45e5bbec861e937aefb3cbb7c8818f72df2082029e43264c2b361424cbb1" hash = "3e758221506628b116e88c14e71be99940894663013df3cf1a9e0b6fb18852b9" 
@@ -274127,8 +274127,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_767E : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6385-L6405" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6385-L6405" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "767ef5c831f92d92f2bfc3e6ea7fd76d11999eeea24cb464fd62e73132ed564b" hash = "d9a73df5ac5c68ef5b37a67e5e649332da0f649c3bb6828f70b65c0a2e7d3a23" logic_hash = "v1_sha256_624a88bcb301508151c2afdd1d5f076d04e2941dc2178b931f9dcfe3d63ab47d" @@ -274158,8 +274158,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6408-L6427" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6408-L6427" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9a54ef5cfbe6db599322967ee2c84db7daabcb468be10a3ccfcaa0f64d9173c7" logic_hash = "v1_sha256_a520f2236b800f2dd2b8ac9963b8e9ba3ce782cca2c1b2835540899da65168b5" score = 40 
@@ -274188,8 +274188,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Oti_Otipcibussys_Kernelmodedrivertoaccessphysica date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6430-L6448" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6430-L6448" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80" logic_hash = "v1_sha256_ef5cb96dc4f6eaaf24fe9d0a65ccb5efe54cb672a9328b9dc2bbc36af82d96e2" score = 40 @@ -274217,8 +274217,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_DCB8 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6451-L6470" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6451-L6470" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "dcb815eb8e9016608d0d917101b6af8c84b96fb709dc0344bceed02cbc4ed258" logic_hash = "v1_sha256_80b8d0833d2e3675c5a1105725ef61e6914774019d4499c752a25b628a985274" score = 40 
@@ -274247,8 +274247,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Micsystechnologycoltd_Msiosys_Msiodriverversion_ date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6473-L6492" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6473-L6492" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "cfcf32f5662791f1f22a77acb6dddfbc970fe6e99506969b3ea67c03f67687ab" logic_hash = "v1_sha256_2dd35edfdf8b82b650278186df087c5ae103f3b807faf30c72278521ff56224b" score = 40 @@ -274277,8 +274277,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6495-L6514" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6495-L6514" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f8d45fa03f56e2ea14920b902856666b8d44f1f1b16644baf8c1ae9a61851fb6" logic_hash = "v1_sha256_522145d0081891d18a0c1e657ca6228962e97325697b556d97a4fe311efa3aee" score = 40 
@@ -274307,8 +274307,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_D0E4 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6517-L6537" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6517-L6537" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d0e4d3e1f5d5942aaf2c72631e9490eecc4d295ee78c323d8fe05092e5b788eb" hash = "2ad8c38f6e0ca6c93abe3228c8a5d4299430ce0a2eeb80c914326c75ba8a33f9" logic_hash = "v1_sha256_6a29c44686032d2367b1b4b9ef342239b9490e48ba1cc5f862b66f3de6a3f4b2" 
@@ -274338,8 +274338,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6540-L6560" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6540-L6560" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "77da3e8c5d70978b287d433ae1e1236c895b530a8e1475a9a190cdcc06711d2f" hash = "837d3b67d3e66ef1674c9f1a47046e1617ed13f73ee08441d95a6de3d73ee9f2" logic_hash = "v1_sha256_a2918e4ffce0affe25aa7b8793c19dfa61da8321b35cb91600d0a5552e14fef6" 
@@ -274369,8 +274369,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_0368 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6563-L6583" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6563-L6583" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "03680068ec41bbe725e1ed2042b63b82391f792e8e21e45dc114618641611d5d" hash = "66f851b309bada6d3e4b211baa23b534165b29ba16b5cbf5e8f44eaeb3ca86ea" logic_hash = "v1_sha256_67626089334102cf852d0863b58a29562dda673b6601a90b13d97a2380a4295c" @@ -274400,8 +274400,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6586-L6605" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6586-L6605" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "b0dcdbdc62949c981c4fc04ccea64be008676d23506fc05637d9686151a4b77f" logic_hash = "v1_sha256_13f4cfb57115eab4850771248b479f523f3c6d9a25a21b16ce224ab783dd4abc" score = 40 
@@ -274430,8 +274430,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Radiantsystemsinc_Radhwmgrsys_Radiantsystemsinch date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6608-L6627" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6608-L6627" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7c79e5196c2f51d2ab16e40b9d5725a8bf6ae0aaa70b02377aedc0f4e93ca37f" logic_hash = "v1_sha256_1e60cfe82a13e311e8dc98cb4da82f0f1aecc606aaa5c57cda445228e78acd6b" score = 40 @@ -274460,8 +274460,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Dtresearchinc_Iomemsys_Iomemsys_DD4A : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6630-L6649" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6630-L6649" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "dd4a1253d47de14ef83f1bc8b40816a86ccf90d1e624c5adf9203ae9d51d4097" logic_hash = "v1_sha256_f04d75e5ff735d30d5bb3959722a5162b1ab7ce4db8d05a2007f98fc901b2179" score = 40 
@@ -274490,8 +274490,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Pchuntersys_Pchunter_1B7F : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6652-L6671" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6652-L6671" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1b7fb154a7b7903a3c81f12f4b094f24a3c60a6a8cffca894c67c264ab7545fa" logic_hash = "v1_sha256_54232c91f0f6d119ece865269eec9d5ea885c8dd0119a0eecd889a405af828a0" score = 40 @@ -274520,8 +274520,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_6500 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6674-L6693" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6674-L6693" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "65008817eb97635826a8708a6411d7b50f762bab81304e457119d669382944c3" logic_hash = "v1_sha256_a3a2b21c9a58fee77857f3074fe6b69506eecb2627d93f1ea3a51c4cccdd2bab" score = 40 
@@ -274550,8 +274550,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_0FC3 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6696-L6716" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6696-L6716" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0fc3bc6e81b04dcaa349f59f04d6c85c55a2fea5db8fa0ba53d3096a040ce5a7" hash = "40eef1f52c7b81750cee2b74b5d2f4155d4e58bdde5e18ea612ab09ed0864554" logic_hash = "v1_sha256_56d3b62717fae240ed7c6becfd6523962bb536fe4f7746e7c80f97851fe30501" @@ -274581,8 +274581,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Netfiltersys_EDC6 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6719-L6740" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6719-L6740" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "edc6e32e3545f859e5b49ece1cabd13623122c1f03a2f7454a61034b3ff577ed" hash = "79e7165e626c7bde546cd1bea4b9ec206de8bed7821479856bdb0a2adc3e3617" hash = "18b923b169b2c3c7db5cbfda0db0999f04adb2cf6c917e5b1fb2ff04714ecac1" 
@@ -274613,8 +274613,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_E428 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6743-L6759" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6743-L6759" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e428ddf9afc9b2d11e2271f0a67a2d6638b860c2c12d4b8cc63d33f3349ee93f" logic_hash = "v1_sha256_8bd47884d13cfc03ececb849688a1c843c4de684a6d32923493f9d0af3d33b7b" score = 40 @@ -274640,8 +274640,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrserverddkprovider_Cpuzsys_Windowsrserver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6762-L6781" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6762-L6781" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "be683cd38e64280567c59f7dc0a45570abcb8a75f1d894853bbbd25675b4adf7" logic_hash = "v1_sha256_6fc3676bace692d3c83f0ccebe39be7d9dec3965935a8cf8971594fd6c206b90" score = 40 
@@ -274670,8 +274670,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_0909 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6784-L6803" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6784-L6803" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0909005d625866ef8ccd8ae8af5745a469f4f70561b644d6e38b80bccb53eb06" logic_hash = "v1_sha256_f224ce42de29a91805c38c230c5b311878339c20d18bcd482b5738f246b12cbc" score = 40 @@ -274700,8 +274700,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6806-L6826" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6806-L6826" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3cb111fdedc32f2f253aacde4372b710035c8652eb3586553652477a521c9284" hash = "9bfd24947052bfe9f2979113a7941e40bd7e3a82eaa081a32ad4064159f07c91" logic_hash = "v1_sha256_cb6f7a26f4564d7a60a8dee25f5018fd4f3b4decfef6dfdb0d0b2f1df982adf7" 
@@ -274731,8 +274731,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Watchdogdevelopmentcomllc_Wsdkdsys_Wsdkd_6278 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6829-L6848" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6829-L6848" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6278bc785113831b2ec3368e2c9c9e89e8aca49085a59d8d38dac651471d6440" logic_hash = "v1_sha256_3df6c8424981c50e765d8730f702b2a541b4e7312eea2ae27518d0958531f3e0" score = 40 @@ -274761,8 +274761,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Huawei_Hwosec_Huaweimatebook_B179 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6851-L6871" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6851-L6871" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "b179e1ab6dc0b1aee783adbcad4ad6bb75a8a64cb798f30c0dd2ee8aaf43e6de" hash = "bb1135b51acca8348d285dc5461d10e8f57260e7d0c8cc4a092734d53fc40cbc" logic_hash = "v1_sha256_6c35f9cdd6d48a5804a95bbfd15564e1b9d145b121a72df7fe345ede0c2eed26" 
@@ -274792,8 +274792,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Hpinc_Hpportioxsys_Hpportio_A468 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6874-L6892" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6874-L6892" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a4680fabf606d6580893434e81c130ff7ec9467a15e6534692443465f264d3c9" logic_hash = "v1_sha256_a1e7828c2e39afe4279e6c9b5d34263478919336ed6b7d01bb45b1fdb2032878" score = 40 @@ -274821,8 +274821,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_7661 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6895-L6911" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6895-L6911" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "76614f2e372f33100a8d92bf372cdbc1e183930ca747eed0b0cf2501293b990a" logic_hash = "v1_sha256_8428303996166eb968534f192a1e15cc374ed412b8915b41a323fcf6d8bd238c" score = 40 
@@ -274848,8 +274848,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Gigabytetechnologycoltd_Gdrvsys_Gigabytesoftware date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6914-L6933" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6914-L6933" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8b92cdb91a2e2fab3881d54f5862e723826b759749f837a11c9e9d85d52095a2" logic_hash = "v1_sha256_565bd93231c1cffbb52efc9fedae7c41593ba93a2540dadf199806793359f67d" score = 40 @@ -274878,8 +274878,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_881B : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6936-L6955" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6936-L6955" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "881bca6dc2dafe1ae18aeb59216af939a3ac37248c13ed42ad0e1048a3855461" logic_hash = "v1_sha256_0d1427a94c21e7055a8d3d1e23e0ee3c513030530c15778eed40283979dba6f9" score = 40 
@@ -274908,8 +274908,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_5192 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6958-L6977" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6958-L6977" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5192ec4501d0fe0b1c8f7bf9b778f7524a7a70a26bbbb66e5dab8480f6fdbb8b" logic_hash = "v1_sha256_39194a4e7085e17fef079075949360155d6ce279e3bc1a92f1b3a12b70e7f15c" score = 40 @@ -274938,8 +274938,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Radiantsystemsinc_Radhwmgrsys_Radiantsystemsinch date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L6980-L7000" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L6980-L7000" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0f30ecd4faec147a2335a4fc031c8a1ac9310c35339ebeb651eb1429421951a0" hash = "903d6d71da64566b1d9c32d4fb1a1491e9f91006ad2281bb91d4f1ee9567ef7b" logic_hash = "v1_sha256_09782a4b713c385896e9793c7fe4771ad00b8736e44c2639f94239751cf17222" 
@@ -274969,8 +274969,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Insydesoftware_Insydeflash_Insydeflashutilitybit date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7003-L7022" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7003-L7022" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ce0a4430d090ba2f1b46abeaae0cb5fd176ac39a236888fa363bf6f9fd6036d9" logic_hash = "v1_sha256_ba20c0a151a7e6ef4c2e70426cf4132d9c30f40b6a91e4402e20d15201b6c56e" score = 40 @@ -274999,8 +274999,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_80A5 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7025-L7044" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7025-L7044" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "80a59ca71fc20961ccafc0686051e86ae4afbbd4578cb26ad4570b9207651085" logic_hash = "v1_sha256_f736ac96f1efde446400aaa49fba7cc84a0a10b3425561f67811da86dbee14a8" score = 40 
@@ -275029,8 +275029,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Microfocus_Microfocusxtier_5351 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7047-L7065" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7047-L7065" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5351c81b4ec5a0d79c39d24bac7600d10eac30c13546fde43d23636b3f421e7c" logic_hash = "v1_sha256_efbf3fd36c3ca5c2b95796cdaefb175ad1957866649e73366a1d6810cbcb5e81" score = 40 @@ -275058,8 +275058,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sunmicrosystemsinc_Vboxdrvsys_Sunvirtualbox_R_78 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7068-L7088" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7068-L7088" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "78827fa00ea48d96ac9af8d1c1e317d02ce11793e7f7f6e4c7aac7b5d7dd490f" hash = "c26b51b4c37330800cff8519252e110116c3aaade94ceb9894ec5bfb1b8f9924" logic_hash = "v1_sha256_5e95853e7a2013132a6565b5908475e6369a56ff6c58f0e10c875b72b15b2523" 
@@ -275089,8 +275089,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Corsairmemoryinc_Corsairllaccess_Corsairllaccess date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7091-L7111" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7091-L7111" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5fad3775feb8b6f6dcbd1642ae6b6a565ff7b64eadfc9bf9777918b51696ab36" hash = "29a90ae1dcee66335ece4287a06482716530509912be863c85a2a03a6450a5b6" logic_hash = "v1_sha256_5dc9ec007f318b16034b43248be9807c024780aa58eb714982130656e7f2b6a6" 
@@ -275120,8 +275120,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_16E2 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7114-L7134" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7114-L7134" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "16e2b071991b470a76dff4b6312d3c7e2133ad9ac4b6a62dda4e32281952fb23" hash = "0c925468c3376458d0e1ec65e097bd1a81a03901035c0195e8f6ef904ef3f901" logic_hash = "v1_sha256_162cf712c505520635388ec61c69165a2fff8704c7edef58c63cc8cbcc624e0d" 
@@ -275151,8 +275151,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7137-L7157" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7137-L7157" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "060d25126e45309414b380ee29f900840b689eae4217a8e621563f130c1d457f" hash = "b8321471be85dc8a67ac18a2460cab50e7c41cb47252f9a7278b1e69d6970f25" logic_hash = "v1_sha256_f7a87edc0403a7b8273256805bb8c7aadadde8143db84be9b3968ef67cf3c1c4" 
@@ -275182,8 +275182,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_7553 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7160-L7180" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7160-L7180" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7553c76b006bd2c75af4e4ee00a02279d3f1f5d691e7dbdc955eac46fd3614c3" hash = "64dddd5ac53fe2c9de2b317c09034d1bccaf21d6c03ccfde3518e5aa3623dd66" logic_hash = "v1_sha256_e60b387fe83bffdd1411f3b8fb491f0b60ff0de3eac87c9c5ee8c55ca6c48afc" 
@@ -275213,8 +275213,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Overclockingtool_Atillksys_Overclockingtool_11A9 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7183-L7203" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7183-L7203" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "11a9787831ac4f0657aeb5e7019c23acc39d8833faf28f85bd10d7590ea4cc5f" hash = "d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b" logic_hash = "v1_sha256_07b8fb1b1b86b58a6fb7f18f3b1b70eee5826fa5c629a8cef1b97afbae7ea7c3" @@ -275244,8 +275244,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_2A62 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7206-L7225" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7206-L7225" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2a6212f3b68a6f263e96420b3607b31cfdfe51afff516f3c87d27bf8a89721e8" logic_hash = "v1_sha256_5fae0a4ba7d11e3714baab3417a1bdd9fff6275fa9347c0389d8627374533bbf" score = 40 
@@ -275274,8 +275274,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_AAA3 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7228-L7247" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7228-L7247" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "aaa3459bcac25423f78ed72dbae4d7ef19e7c5c65770cbe5210b14e33cd1816c" logic_hash = "v1_sha256_bb87661658fa874985bbe1050c19eb8ea9136ec62c224d53cd4920866e6a6b1f" score = 40 @@ -275304,8 +275304,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswvmmsys_Avastantivirus_3650 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7250-L7269" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7250-L7269" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "36505921af5a09175395ebaea29c72b2a69a3a9204384a767a5be8a721f31b10" logic_hash = "v1_sha256_afe8e12664ee9061c2b2ecdcaaef0c38ece604d050e31b46208f9a22545042ca" score = 40 
@@ -275334,8 +275334,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Gigabytetechnologycoltd_Gdrvsys_Gdrv_FF67 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7272-L7291" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7272-L7291" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ff6729518a380bf57f1bc6f1ec0aa7f3012e1618b8d9b0f31a61d299ee2b4339" logic_hash = "v1_sha256_18c40b7312d0b65d83287e452e8b9429eaed36245d17ef1b82ec04a968303a39" score = 40 @@ -275364,8 +275364,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7294-L7313" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7294-L7313" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c" logic_hash = "v1_sha256_b038dcb0a536e16d71035d11537757f529589a435616abacd94aadd5663c2a17" score = 40 
@@ -275394,8 +275394,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Rivetnetworksllc_Kfecodrvsys_Killertrafficcontro date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7316-L7335" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7316-L7335" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "b583414fcee280128788f7b39451c511376fe821f455d4f3702795e96d560704" logic_hash = "v1_sha256_d4f37a4c7014694cfcf57c11ee9d41edec1b6fa77a564341663c3411764dbcda" score = 40 @@ -275424,8 +275424,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7338-L7357" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7338-L7357" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3d008e636e74c846fe7c00f90089ff725561cb3d49ce3253f2bbfbc939bbfcb2" logic_hash = "v1_sha256_d52c104de520b575b404d320a8ec762a146da8cc0567b5f30dc8594b7a1742ef" score = 40 
@@ -275454,8 +275454,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroaegis_ED2F : F date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7360-L7379" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7360-L7379" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ed2f33452ec32830ffef2d5dc832985db9600c306ed890c47f3f33ccbb335c39" logic_hash = "v1_sha256_1da8ef4d1877ba9d2c31d994735f6395367de990be6c875c0cba37654ee39ad3" score = 40 @@ -275484,8 +275484,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibxsys_Ntiolib_09BE : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7382-L7401" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7382-L7401" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "09bedbf7a41e0f8dabe4f41d331db58373ce15b2e9204540873a1884f38bdde1" logic_hash = "v1_sha256_23f5a77bae75d686a980e65dd6efe4ad216a60d75631fed169a83cc88d64675e" score = 40 
@@ -275514,8 +275514,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_A802 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7404-L7423" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7404-L7423" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a8027daa6facf1ff81405daf6763249e9acf232a1a191b6bf106711630e6188e" logic_hash = "v1_sha256_8ef06932883bbd5ad62bd5d975fb341277a83271f7a21fc77cdebc6b9f4a05a6" score = 40 @@ -275544,8 +275544,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7426-L7445" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7426-L7445" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0f016c80c4938fbcd47a47409969b3925f54292eba2ce01a8e45222ce8615eb8" logic_hash = "v1_sha256_014039b9b1b4ea903b4c014ca3d3ff946b1b0f4759d8d78c1fcf825d11318e42" score = 40 
@@ -275574,8 +275574,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sunmicrosystemsinc_Vboxdrvsys_Sunvirtualbox_R_75 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7448-L7467" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7448-L7467" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7539157df91923d4575f7f57c8eb8b0fd87f064c919c1db85e73eebb2910b60c" logic_hash = "v1_sha256_dd40b144e403136b4359106d2efeb24335b83ffc13a62fdce7c9bd602dc45506" score = 40 @@ -275604,8 +275604,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Interfacecorporation_Cpxcsys_Gpcxc_1183 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7470-L7489" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7470-L7489" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "11832c345e9898c4f74d3bf8f126cf84b4b1a66ad36135e15d103dbf2ac17359" logic_hash = "v1_sha256_5842fcb278bb2b659760677fea80cbb110347e495e9f1a39fc901f0927753b88" score = 40 
@@ -275634,8 +275634,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_478D : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7492-L7511" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7492-L7511" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "478d855b648ef4501d3b08b3b10e94076ac67546b0ce86b454324f1bf9a78aa0" logic_hash = "v1_sha256_29a09ee10d391b3183052255622f7b96a0e2bf649acc30e10d57e1cb3b17b84f" score = 40 @@ -275664,8 +275664,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Activeclean_A903 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7514-L7533" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7514-L7533" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a903f329b70f0078197cb7683aae1bb432eaf58572fe572f7cb4bc2080042d7e" logic_hash = "v1_sha256_b79d850df65fa7a96642e4a1da2240e001c87d44d64c621c756face489c0eb6b" score = 40 
@@ -275694,8 +275694,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7536-L7556" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7536-L7556" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3ff39728f1c11d1108f65ec5eb3d722fd1a1279c530d79712e0d32b34880baaa" hash = "86721ee8161096348ed3dbe1ccbf933ae004c315b1691745a8af4a0df9fed675" logic_hash = "v1_sha256_3035342ffaf651efc8de23d2da68540ee7d89b2bf2b5c2925094e7fe2a3f7c28" @@ -275725,8 +275725,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_1B17 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7559-L7578" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7559-L7578" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1b17d12076d047e74d15e6e51e10497ad49419bec7fbe93386c57d3efbaadc0b" logic_hash = "v1_sha256_cd8e28cc91da2da748b449b175c24f7271019fa6e9b475b8689183eb1866c59a" score = 40 
@@ -275755,8 +275755,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_6CF1 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7581-L7599" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7581-L7599" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6cf1cac0e97d30bb445b710fd8513879678a8b07be95d309cbf29e9b328ff259" logic_hash = "v1_sha256_60fcd09b5ad2beef9a28c78590e6a935b5a2818db45175960527285a4a765ea5" score = 40 @@ -275784,8 +275784,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tenasyscorporation_Rtifsys_Intime_EAE5 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7602-L7621" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7602-L7621" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "eae5c993b250dcc5fee01deeb30045b0e5ee7cf9306ef6edd8c58e4dc743a8ed" logic_hash = "v1_sha256_ea0bb86a2cc5f3349678d9a698e14301207ba1bf6c19f9caf91abd72e7794a8c" score = 40 
@@ -275814,8 +275814,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7624-L7643" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7624-L7643" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "bdbceca41e576841cad2f2b38ee6dbf92fd77fbbfdfe6ecf99f0623d44ef182c" logic_hash = "v1_sha256_c4310d622e5861f4c63d9e9c39ee94acbfb35d24a91f50158f1d695d1f0cf254" score = 40 @@ -275844,8 +275844,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Databaseharborsoftware_Sysinfodetectorxsys_Sysin date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7646-L7665" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7646-L7665" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "45e5977b8d5baec776eb2e62a84981a8e46f6ce17947c9a76fa1f955dc547271" logic_hash = "v1_sha256_3c67bbee00427b7f8ed689a5ff83641bad2b62dc685b5155ea81f6dbba4377b0" score = 40 
@@ -275874,8 +275874,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_7048 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7668-L7689" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7668-L7689" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7048d90ed4c83ad52eb9c677f615627b32815066e34230c3b407ebb01279bae6" hash = "d80714d87529bb0bc7abcc12d768c43a697fbca59741c38fa0b46900da4db30e" hash = "fed0fe2489ae807913be33827b3b11359652a127e33b64464cc570c05abd0d17" @@ -275906,8 +275906,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_7837 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7692-L7711" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7692-L7711" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7837cb350338c4958968d06b105466da6518f5bb522a6e70e87c0cad85128408" logic_hash = "v1_sha256_0d0e3e2675e5d6b11369a388a6e7a947e603db2562aefb802c977728419bb667" score = 40 
@@ -275936,8 +275936,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmelsys_Trendmicroearlylaunchantim date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7714-L7733" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7714-L7733" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e505569892551b2ba79d8792badff0a41faea033e8d8f85c3afea33463c70bd9" logic_hash = "v1_sha256_7645c180f10ba31e259cdfa4904c16941ce777412416527c95fa9592ed76da8c" score = 40 @@ -275966,8 +275966,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ncrcorporation_Radhwmgrsys_Ncrcorporationhardwar date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7736-L7755" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7736-L7755" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "df96d844b967d404e58a12fc57487abc24cd3bd1f8417acfe1ce1ee4a0b0b858" logic_hash = "v1_sha256_2194da0b4589893a0884b9a8c0ed5a556b008152b9c03613074892001406fc21" score = 40 
@@ -275996,8 +275996,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7758-L7777" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7758-L7777" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0b2ad05939b0aabbdc011082fad7960baa0c459ec16a2b29f37c1fa31795a46d" logic_hash = "v1_sha256_e4e6178a894262ed52bd5ee6e0879f54d4cb81ec467f065f0b00d34ac55064b0" score = 40 @@ -276026,8 +276026,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tenasyscorporation_Rtifsys_Intime_BA40 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7780-L7799" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7780-L7799" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ba40b1fc798c2f78165e78997b4baf3d99858ee39a372ca6fbc303057793e50d" logic_hash = "v1_sha256_ea4d6b524d8e4229b090890145a02617482c38ae077d5fd9a7fd46fa6e917b1a" score = 40 
@@ -276056,8 +276056,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_828A : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7802-L7821" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7802-L7821" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "828a18b16418c021b6c4aa8c6d54cef4e815efca0d48b9ff14822f9ccb69dff2" logic_hash = "v1_sha256_e5eb524d77c082acac68ea7b24bf10e445dd1afc9be97333980d8a8d580a6e98" score = 40 @@ -276086,8 +276086,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sunmicrosystemsinc_Vboxusbmonsys_Virtualboxusbmo date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7824-L7843" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7824-L7843" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8a2482e19040d591c7cec5dfc35865596ce0154350b5c4e1c9eecc86e7752145" logic_hash = "v1_sha256_bf3569ba1652fc95c0752a4bf58586ecbe41db63d58ff6326cbd7ef6c2d5b65f" score = 40 
@@ -276116,8 +276116,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Copyright_Advancedmalwareprotection_6F55 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7846-L7864" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7846-L7864" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6f55c148bb27c14408cf0f16f344abcd63539174ac855e510a42d78cfaec451c" logic_hash = "v1_sha256_4b5b303a3311ec88e1ebad890eb08fe3af13b3c6fdd7cf88421a9f7590661832" score = 40 @@ -276145,8 +276145,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_0DC4 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7867-L7886" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7867-L7886" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0dc4ff96d7e7db696e0391c5a1dda92a0b0aedbf1b0535bf5d62ebeec5b2311c" logic_hash = "v1_sha256_291aa7d4bd435f112fb6678d8b495d38df94b7a6256d71ac39dd055ab3c94719" score = 40 
@@ -276175,8 +276175,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tenasyscorporation_Rtifsys_Intime_3670 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7889-L7909" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7889-L7909" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3670ccd9515d529bb31751fcd613066348057741adeaf0bffd1b9a54eb8baa76" hash = "0d133ced666c798ea63b6d8026ec507d429e834daa7c74e4e091e462e5815180" logic_hash = "v1_sha256_3ca3c8fe11a696ad5eaf4b806c277a903a665b3c16a5c8a86dbf8468a71ad9ee" @@ -276206,8 +276206,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_EEA5 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7912-L7931" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7912-L7931" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b" logic_hash = "v1_sha256_47bcbc01fc9d12d72613093da34efd44b9d45af700a83450e36aed9fa972ae9b" score = 40 
@@ -276236,8 +276236,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_9CA5 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7934-L7953" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7934-L7953" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9ca586b49135166eea00c6f83329a2d134152e0e9423822a51c13394265b6340" logic_hash = "v1_sha256_a666e2b5c53129dc1f82a945d828bb84fc31e54c1c69cc6666222e4b9a45ea39" score = 40 @@ -276266,8 +276266,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_4E54 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7956-L7975" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7956-L7975" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4e54e98df13110aac41f3207e400cce2a00df29ce18c32186e536c1de25a75ce" logic_hash = "v1_sha256_81a80cb4cdeb79ba7b32cb981c4f6d986fc465a78566aded7d7bf3f06e3e027f" score = 40 
@@ -276296,8 +276296,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_2D2C : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L7978-L7997" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L7978-L7997" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2d2c7ee9547738a8a676ab785c151e8b48ed40fe7cf6174650814c7f5f58513b" logic_hash = "v1_sha256_991c554b098cc048d925ab989b0ca3950b07fd13e75ddcc0e8d8f4e24f6e58a6" score = 40 @@ -276326,8 +276326,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Almicosoftware_Sfdrvxsys_Speedfan_X_F4EE : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8000-L8019" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8000-L8019" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f4ee803eefdb4eaeedb3024c3516f1f9a202c77f4870d6b74356bbde32b3b560" logic_hash = "v1_sha256_7ad25b1c03c5f7aff57f6ae40fae6232a0649d643a4ccd6ed1eee886bfad7f68" score = 40 
@@ -276356,8 +276356,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_5CFA : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8022-L8041" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8022-L8041" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5cfad3d473961763306d72c12bd5ae14183a1a5778325c9acacca764b79ca185" logic_hash = "v1_sha256_772f33e1190458ffbe4f6636fc775fea47d4ab242cecc5a77d00ee34de4ecf86" score = 40 @@ -276386,8 +276386,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Computerzsys_Ludashisystemdriver_898E : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8044-L8064" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8044-L8064" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "898e07cf276ec2090b3e7ca7c192cc0fa10d6f13d989ef1cb5826ca9ce25b289" hash = "07d0090c76155318e78a676e2f8af1500c20aaa1e84f047c674d5f990f5a09c8" logic_hash = "v1_sha256_8895375f8ce3efa2fec38f6b42d4401b64d5dbde4c1bd9eead31ecb442f72588" 
@@ -276417,8 +276417,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8067-L8087" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8067-L8087" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "afda5af5f210336061bff0fab0ed93ee495312bed639ec5db56fbac0ea8247d3" hash = "b2364c3cf230648dad30952701aef90acfc9891541c7e154e30c9750da213ed1" logic_hash = "v1_sha256_c969121df4f2e873fbff32b00484550a8a80e4fcc0cd093a2c93c566c249977a" 
@@ -276448,8 +276448,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Interfacecorporation_Cpxcsys_Gpcxcdiobmpcicpci_6 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8090-L8110" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8090-L8110" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "63865f04c1150655817ed4c9f56ad9f637d41ebd2965b6127fc7c02757a7800e" hash = "9c8ed1506b3e35f5eea6ac539e286d46ef76ddbfdfc5406390fd2157c762ce91" logic_hash = "v1_sha256_ceae34b4cd1698fc1d779b5860437b1017401c8f954d74804fcdbb13a5603186" 
@@ -276479,8 +276479,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrddkprovider_Rtportsys_Windowsrddkdriver_ date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8113-L8134" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8113-L8134" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c490d6c0844f59fdb4aa850a06e283fbf5e5b6ac20ff42ead03d549d8ae1c01b" hash = "a29093d4d708185ba8be35709113fb42e402bbfbf2960d3e00fd7c759ef0b94e" hash = "e3dbafce5ad2bf17446d0f853aeedf58cc25aa1080ab97e22375a1022d6acb16" @@ -276511,8 +276511,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Arthurliberman_Alsysiosys_Alsysio_119C : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8137-L8156" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8137-L8156" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "119c48b79735fda0ecd973d77d9bdc6b329960caed09b38ab454236ca039d280" logic_hash = "v1_sha256_1ff636a8954a5f049c582d8436111ffe5a4e89e3f38870c9c8ac9706f0b1acd2" score = 40 
@@ -276541,8 +276541,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_263E : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8159-L8178" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8159-L8178" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "263e8f1e20612849aea95272da85773f577fd962a7a6d525b53f43407aa7ad24" logic_hash = "v1_sha256_c4a5f4e6908dcf3280adcebb9d8c58fb58be06267b524cb37f15d99091eb4a98" score = 40 @@ -276571,8 +276571,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Almicosoftware_Sfdrvxsys_Speedfan_X_88FB : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8181-L8200" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8181-L8200" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "88fb0a846f52c3b680c695cd349bf56151a53a75a07b8b0b4fe026ab8aa0a9af" logic_hash = "v1_sha256_9c38d3552116177e73a66e56d3f53f8f50ed698a8747cbc59ccbee3cfec0db0d" score = 40 
@@ -276601,8 +276601,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_E839 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8203-L8222" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8203-L8222" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e83908eba2501a00ef9e74e7d1c8b4ff1279f1cd6051707fd51824f87e4378fa" logic_hash = "v1_sha256_452a3eeb969ca2a3145b1f525401490911aeec23b29e88395f33dddb693417d0" score = 40 @@ -276631,8 +276631,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Hilschergesellschaftfrsystemaoutomationmbh_Physm date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8225-L8244" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8225-L8244" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c299063e3eae8ddc15839767e83b9808fd43418dc5a1af7e4f44b97ba53fbd3d" logic_hash = "v1_sha256_64d1a7c9772d6a627bd2cec5c466a2627fa28d4a640ebe7fac5b948a02f1ff2a" score = 40 
@@ -276661,8 +276661,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tenasyscorporation_Rtifsys_Intime_4CE8 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8247-L8266" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8247-L8266" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4ce8583768720be90fae66eed3b6b4a8c7c64e033be53d4cd98246d6e06086d0" logic_hash = "v1_sha256_65d2d5a1727f55c5a09c2dac5472095b92316eaaabf6356224b175ffe6b7c5a3" score = 40 @@ -276691,8 +276691,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Amdryzenmasterdriversys_Amd date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8269-L8288" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8269-L8288" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "af1011c76a22af7be97a0b3e0ce11aca0509820c59fa7c8eeaaa1b2c0225f75a" logic_hash = "v1_sha256_9fc3405f0415b37f348f5a7ea83344a60a9a987acfa844663811e834927f234a" score = 40 
@@ -276721,8 +276721,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_ADA4 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8291-L8310" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8291-L8310" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ada4e42bf5ef58ef1aad94435441003b1cc1fcaa5d38bfdbe1a3d736dc451d47" logic_hash = "v1_sha256_d102d9add684a93cec7f05196b3e3ca39ff470df7df1b5fd58001b460c0a2dfc" score = 40 @@ -276751,8 +276751,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_9B2F : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8313-L8332" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8313-L8332" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9b2f051ac901ab47d0012a1002cb8b2db28c14e9480c0dd55e1ac11c81ba9285" logic_hash = "v1_sha256_156c30e23f3a22442c635c449290dfcfc5f02fb3b3a0a65f0966306bd1d71f7c" score = 40 
@@ -276781,8 +276781,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_F629 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8335-L8354" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8335-L8354" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f62911334068c9edd44b9c3e8dee8155a0097aa331dd4566a61afa3549f35f65" hash = "0cf91e8f64a7c98dbeab21597bd76723aee892ed8fa4ee44b09f9e75089308e2" logic_hash = "v1_sha256_b4ad3eedff5e41aa07d42c46dd5ef97ef281c049ed676e6b93474f21e20da428" @@ -276811,8 +276811,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cyreninc_Amp_Cyrenamp_CBB8 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8357-L8376" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8357-L8376" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "cbb8239a765bf5b2c1b6a5c8832d2cab8fef5deacadfb65d8ed43ef56d291ab6" logic_hash = "v1_sha256_79514ed74f7ca8fae3b4a36ae240d325fb70555cb8371e03a498b6fb9992b961" score = 40 
@@ -276841,8 +276841,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Netfiltersdkcom_Lgdcatchersys_Netfiltersdk_0C42 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8379-L8398" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8379-L8398" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0c42fe45ffa9a9c36c87a7f01510a077da6340ffd86bf8509f02c6939da133c5" logic_hash = "v1_sha256_ca3a99d2b899c907450d0a975db142d391135f70d8f6e42f937e03e2b0c7a9ce" score = 40 @@ -276871,8 +276871,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Supermicrocomputerinc_Superbmc_Superbmc_F843 : F date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8401-L8420" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8401-L8420" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f8430bdc6fd01f42217d66d87a3ef6f66cb2700ebb39c4f25c8b851858cc4b35" logic_hash = "v1_sha256_a628c561060c20f97c03b11be8c6d475b390d10ee7bf8dff9cc05600d68b8fc8" score = 40 
@@ -276901,8 +276901,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8423-L8442" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8423-L8442" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1023dcd4c80db19e9f82f95b1c5e1ddb60db7ac034848dd5cc1c78104a6350f4" logic_hash = "v1_sha256_5dd553f7a90a5680d1a250a951e0166a526690dbef5fe431fa37347b3a5f2078" score = 40 @@ -276931,8 +276931,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_F877 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8445-L8465" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8445-L8465" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f877296e8506e6a1acbdacdc5085b18c6842320a2775a329d286bac796f08d54" hash = "de3597ae7196ca8c0750dce296a8a4f58893774f764455a125464766fcc9b3b5" logic_hash = "v1_sha256_65966a05952fcf57b8d722154fe6dcafba49fffa0494086e1ff2bf76229d0c78" 
@@ -276962,8 +276962,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8468-L8487" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8468-L8487" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ae3a6a0726f667658fc3e3180980609dcb31bdbf833d7cb76ba5d405058d5156" logic_hash = "v1_sha256_7ff6b127fcdbe2a1612d46fccdf23d0fbaa2f6a91a54b718658ebd2d3fea8bce" score = 40 @@ -276992,8 +276992,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Almicosoftware_Sfdrvxsys_Speedfan_X_AD23 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8490-L8509" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8490-L8509" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ad23d77a38655acb71216824e363df8ac41a48a1a0080f35a0d23aa14b54460b" logic_hash = "v1_sha256_8cdd734afe9bdf25157395096e64bfa743e4f17e1bde796269d6b5c875147561" score = 40 
@@ -277022,8 +277022,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrddkprovider_Rtportsys_Windowsrddkdriver_ date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8512-L8531" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8512-L8531" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6f806a9de79ac2886613c20758546f7e9597db5a20744f7dd82d310b7d6457d0" logic_hash = "v1_sha256_707ec81c9fb679a439f23e97e92c6d08b541cd433bfa4fa4296a664cabb403d0" score = 40 @@ -277052,8 +277052,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiowxsys_Realtekiodriver_B205 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8534-L8553" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8534-L8553" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "b205835b818d8a50903cf76936fcf8160060762725bd74a523320cfbd091c038" logic_hash = "v1_sha256_8313ea1ab68c635fd99927884741a087ea5d93e3e2d3d3c9171609f17545d3cc" score = 40 
@@ -277082,8 +277082,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Filseclabcorporation_Filnk_Filseclabdynamicdefen date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8556-L8575" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8556-L8575" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ae55a0e93e5ef3948adecf20fa55b0f555dcf40589917a5bfbaa732075f0cc12" logic_hash = "v1_sha256_36e491c2841bb77cfc3c07545a30af7edef940e4f36fffd33f6a35f5d8980c86" score = 40 @@ -277112,8 +277112,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_CBF7 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8578-L8597" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8578-L8597" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "cbf74bed1a4d3d5819b7c50e9d91e5760db1562d8032122edac6f0970f427183" logic_hash = "v1_sha256_4093b8e8e67632b5ee28b0e8843398e3e32c33b6fbb18c68730f4495d4c025ad" score = 40 
@@ -277142,8 +277142,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8600-L8619" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8600-L8619" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a47555d04b375f844073fdcc71e5ccaa1bbb201e24dcdebe2399e055e15c849f" logic_hash = "v1_sha256_212de91b3abdc9948aad64531983df3c75e36ff73e56a6b5e8a488571fc39465" score = 40 @@ -277172,8 +277172,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_66F8 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8622-L8641" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8622-L8641" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "66f8bd2b29763acfbb7423f4c3c9c3af9f3ca4113bd580ab32f6e3ee4a4fc64e" hash = "7f84f009704bc36f0e97c7be3de90648a5e7c21b4f870e4f210514d4418079a0" logic_hash = "v1_sha256_bb8f360956167a6616fa3449f4dcbc78f938a69c979298d921757c6f1e779601" 
@@ -277202,8 +277202,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8644-L8663" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8644-L8663" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "55b5bcbf8fb4e1ce99d201d3903d785888c928aa26e947ce2cdb99eefd0dae03" logic_hash = "v1_sha256_3379ec91998a5850e3181784a43fa669817d2f3930bc790bf7b46857a2393d93" score = 40 @@ -277232,8 +277232,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Atsziosys_Atsziodriver_1A4F : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8666-L8689" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8666-L8689" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1a4f7d7926efc3e3488758ce318246ea78a061bde759ec6c906ff005dd8213e5" hash = "0da746e49fd662be910d0e366934a7e02898714eaaa577e261ab40eb44222b5c" hash = "e32ab30d01dcff6418544d93f99ae812d2ce6396e809686620547bea05074f6f" 
@@ -277266,8 +277266,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Filseclabcorporation_Filwfp_Filseclabfirewall_49 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8692-L8711" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8692-L8711" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "490cfbb540dcd70b7bff4fdd62e7ed7400bbfebaf5083523d49f7184670f7b9a" logic_hash = "v1_sha256_722b36f80e7c899c75667c989390161a30d1336be397c771174e8753865a6f8c" score = 40 @@ -277296,8 +277296,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asrockincorporation_Asrautochkupddrvsys_Asrautoc date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8714-L8733" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8714-L8733" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4ae42c1f11a98dee07a0d7199f611699511f1fb95120fabc4c3c349c485467fe" logic_hash = "v1_sha256_a07a0630526bf3b9d427a83b00269428059e640787a834ff129cdb23b4c4c245" score = 40 
@@ -277326,8 +277326,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_9E34 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8736-L8755" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8736-L8755" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9e3430d5e0e93bc4a5dccc985053912065e65722bfc2eaf431bc1da91410434c" logic_hash = "v1_sha256_d07bb8afe8e9e55d9bbf5c96ab8be6bf1f3b65a08873f8956436b87ad3b826d8" score = 40 @@ -277356,8 +277356,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Wisecleanercom_Wiseunlosys_Wiseunlo_9D53 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8758-L8778" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8758-L8778" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9d530642aeb6524691d06b9e02a84e3487c9cdd86c264b105035d925c984823a" hash = "5e27fe26110d2b9f6c2bad407d3d0611356576b531564f75ff96f9f72d5fcae4" logic_hash = "v1_sha256_bdf3933b96f571ca3f07d9c3775847d5053f3f147b75068e7dad4a152480935e" 
@@ -277387,8 +277387,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_BCFC : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8781-L8800" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8781-L8800" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "bcfc2c9883e6c1b8429be44cc4db988a9eecb544988fbd756d18cfca6201876f" logic_hash = "v1_sha256_10b04a7ca71652632fb836bfb76f6be8b4c1d9e7e6566f623b52a850b3dbebde" score = 40 @@ -277417,8 +277417,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrddkprovider_Gdrvsys_Windowsrddkdriver_F4 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8803-L8823" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8803-L8823" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f4ff679066269392f6b7c3ba6257fc60dd609e4f9c491b00e1a16e4c405b0b9b" hash = "cfc5c585dd4e592dd1a08887ded28b92d9a5820587b6f4f8fa4f56d60289259b" logic_hash = "v1_sha256_e7ca103b49c11733154f9f4bf164be90f25d3534ea103312047d7f1a9c240131" 
@@ -277448,8 +277448,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_DBC6 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8826-L8845" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8826-L8845" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "dbc604b4e01362a3e51357af4a87686834fe913852a4e0a8c0d4c1a0f7d076ed" logic_hash = "v1_sha256_becd57b696fe37ea0ae1bd83aa1c00258d1a58fd83c80d9772bea625ad0d6afc" score = 40 @@ -277478,8 +277478,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Corsairmemoryinc_Corsairllaccess_Corsairllaccess date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8848-L8867" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8848-L8867" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f15ae970e222ce06dbf3752b223270d0e726fb78ebec3598b4f8225b5a0880b1" logic_hash = "v1_sha256_ae01cd2b9b1c504298c0295fd4f3e54199df371787676f19ba0a3ad9340f0c56" score = 40 
@@ -277508,8 +277508,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_4E37 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8870-L8889" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8870-L8889" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4e37592a2a415f520438330c32cfbdbd6af594deef5290b2fa4b9722b898ff69" logic_hash = "v1_sha256_cd104e4130ef7fcc525a31aacc1180933cd6fe99a7b0c10a54622c512d699364" score = 40 @@ -277538,8 +277538,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_ECD0 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8892-L8911" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8892-L8911" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ecd07df7ad6fee9269a9e9429eb199bf3e24cf672aa1d013b7e8d90d75324566" logic_hash = "v1_sha256_48342828a25e7fdd6dad197bb079d58fc1937b9630f021067a7f197e53c912d9" score = 40 
@@ -277568,8 +277568,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_6701 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8914-L8933" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8914-L8933" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6701433861742c08eb50f1e785962378143ad5b6c374ac29118168599f8a0f1c" logic_hash = "v1_sha256_c6d8f88f83fffed54cd4adf0542a40531765b0cea0e963ed7ad5d646a7901f19" score = 40 @@ -277598,8 +277598,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Radiantsystemsinc_Radhwmgrsys_Radiantsystemsinch date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8936-L8955" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8936-L8955" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "00c3e86952eebb113d91d118629077b3370ebc41eeacb419762d2de30a43c09c" logic_hash = "v1_sha256_d5975b9f192b982cb0febc0314e9597f387830e6c1cc4bf0202918ce75c8ca33" score = 40 
@@ -277628,8 +277628,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_DEE3 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8958-L8978" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8958-L8978" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "dee384604d2d0018473941acbefe553711ded7344a4932daeffb876fe2fa0233" hash = "26ecd3cea139218120a9f168c8c0c3b856e0dd8fb2205c2a4bcb398f5f35d8dd" logic_hash = "v1_sha256_106ecc5e36dbf66a7660d00bfcce40934528899d60bd2bb7711c56f515119fcc" @@ -277659,8 +277659,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpot_Avastantivirus_36E3 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L8981-L9000" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L8981-L9000" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "36e3127f045ef1fa7426a3ff8c441092d3b66923d2b69826034e48306609e289" logic_hash = "v1_sha256_c8c776a3ef3f452b261c7348f0634f9bac7e00f5028eeb56af41461d240a5216" score = 40 
@@ -277689,8 +277689,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_FDA9 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9003-L9022" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9003-L9022" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "fda93c6e41212e86af07f57ca95db841161f00b08dae6304a51b467056e56280" logic_hash = "v1_sha256_2548a054742e55e13e146fa3389c4fb17bdf4e7785bc824e5dd8be7d0cddd75a" score = 40 @@ -277719,8 +277719,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_6E9E : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9025-L9044" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9025-L9044" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6e9e9e0b9a23deec5f28dc45f0bbe7423565f037f74be2957e82e5f72c886094" logic_hash = "v1_sha256_1a5841556e8589b9fda2167a5ad9c6ac0ec7bb9e9358220ebc18e9675fe6254b" score = 40 
@@ -277749,8 +277749,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_1228 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9047-L9066" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9047-L9066" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1228d0b6b4f907384346f64e918cc28021fe1cd7d4e39687bca34a708998261a" logic_hash = "v1_sha256_6d10896a203562741de37cb97e858a1d70451ad5fc1341ad80d6aa4765b8de9a" score = 40 @@ -277779,8 +277779,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Biostargroup_Iodriver_Biostariodriver_D205 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9069-L9088" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9069-L9088" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e" logic_hash = "v1_sha256_8c88f91ab8ff231e4ab6e532b8d71ba810fa62e684dec7fff6b74c4f85a96f65" score = 40 
@@ -277809,8 +277809,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Amifldrvsys_Windowsrwindd date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9091-L9111" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9091-L9111" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "38d87b51f4b69ba2dae1477684a1415f1a3b578eee5e1126673b1beaefee9a20" hash = "ffc72f0bde21ba20aa97bee99d9e96870e5aa40cce9884e44c612757f939494f" logic_hash = "v1_sha256_fb233e5c3cd88ab1450d3371b2f916af9dc8f0b5ffd145e47ad2f0678495b630" 
@@ -277840,8 +277840,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Inferre_Hwdetectngsys_Hwdetectngsys_D456 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9114-L9135" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9114-L9135" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d45600f3015a54fa2c9baa7897edbd821aeea2532e6aadb8065415ed0a23d0c2" hash = "43136de6b77ef85bc661d401723f38624e93c4408d758bc9f27987f2b4511fee" hash = "2f8b68de1e541093f2d4525a0d02f36d361cd69ee8b1db18e6dd064af3856f4f" @@ -277872,8 +277872,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Adlicesoftware_Truesight_Truesight_BFC2 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9138-L9157" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9138-L9157" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "bfc2ef3b404294fe2fa05a8b71c7f786b58519175b7202a69fe30f45e607ff1c" logic_hash = "v1_sha256_31bf547d77d003653090c31588635255d5983e179146bf53b5624dc3fdcf8422" score = 40 
@@ -277902,8 +277902,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9160-L9179" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9160-L9179" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "87b4c5b7f653b47c9c3bed833f4d65648db22481e9fc54aa4a8c6549fa31712b" logic_hash = "v1_sha256_e1bf0fb9255ba7cd386ac0d51ce1d22ffde535a0064683f2178fac388b6944a0" score = 40 @@ -277932,8 +277932,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Highresolutionenterpriseswwwhighrezcouk_Inpoutxs date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9182-L9203" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9182-L9203" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f581decc2888ef27ee1ea85ea23bbb5fb2fe6a554266ff5a1476acd1d29d53af" hash = "f8965fdce668692c3785afa3559159f9a18287bc0d53abb21902895a8ecf221b" hash = "2d83ccb1ad9839c9f5b3f10b1f856177df1594c66cbbc7661677d4b462ebf44d" 
@@ -277964,8 +277964,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_12ED : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9206-L9225" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9206-L9225" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "12eda8b65ed8c1d80464a0c535ea099dffdb4981c134294cb0fa424efc85ee56" logic_hash = "v1_sha256_9c43c1e37bcc87d616e8d7fa1a610b4d3f28b60d2203d0e466939a41b1a8a7d7" score = 40 @@ -277994,8 +277994,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_FF1C : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9228-L9247" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9228-L9247" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ff1ccef7374a1a5054a6f4437e3e0504b14ed76e17090cc6b1a4ec0e2da427a5" logic_hash = "v1_sha256_ee97df01a31ceb88274de9890887f6203bee9b173a2034ad4570a9bb92d13dd2" score = 40 
@@ -278024,8 +278024,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_EBE2 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9250-L9269" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9250-L9269" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ebe2e9ec6d5d94c2d58fbcc9d78c5f0ee7a2f2c1aed6d1b309f383186d11dfa3" logic_hash = "v1_sha256_4f671c0023ef9bbb82a3fdd328709bb9c2a579fbef7f0a348b01fd4188ded3d4" score = 40 @@ -278054,8 +278054,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtierforwindows_V_CA34 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9272-L9290" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9272-L9290" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ca34f945117ec853a713183fa4e8cf85ea0c2c49ca26e73d869fee021f7b491d" logic_hash = "v1_sha256_20276f0c10cef963957e6f868643166567862b89124d96371b80dfe217eab4b6" score = 40 
@@ -278083,8 +278083,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_46D1 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9293-L9315" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9293-L9315" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "46d1dc89cc5fa327e7adf3e3d6d498657240772b85548c17d2e356aac193dd28" hash = "dafa4459d88a8ab738b003b70953e0780f6b8f09344ce3cd631af70c78310b53" hash = "4c2d2122ef7a100e1651f2ec50528c0d1a2b8a71c075461f0dc58a1aca36bc61" 
@@ -278116,8 +278116,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Corsairmemoryinc_Corsairllaccess_Corsairllaccess date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9318-L9338" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9318-L9338" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a334bdf0c0ab07803380eb6ef83eefe7c147d6962595dd9c943a6a76f2200b0d" hash = "000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b" logic_hash = "v1_sha256_881222a52349787251b723640a42b468e4d3f8ee614329de61d7816b00beb9ff" @@ -278147,8 +278147,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_1C12 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9341-L9360" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9341-L9360" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1c1251784e6f61525d0082882a969cb8a0c5d5359be22f5a73e3b0cd38b51687" logic_hash = "v1_sha256_d8f6326a34caddc2c91ac47e57ed022086bea7122203f166cd5e3176c369a3e4" score = 40 
@@ -278177,8 +278177,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroaegis_4BC0 : F date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9363-L9382" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9363-L9382" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4bc0921ffd4acc865525d3faf98961e8decc5aec4974552cbbf2ae8d5a569de4" logic_hash = "v1_sha256_1f138a336f979f9a4a75796cdd6cab5716a17f1ded02350db64a6ec618c7a1dd" score = 40 @@ -278207,8 +278207,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Iobitinformationtechnology_Iobitunlockersys_Unlo date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9385-L9404" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9385-L9404" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f85cca4badff17d1aa90752153ccec77a68ad282b69e3985fdc4743eaea85004" logic_hash = "v1_sha256_1a7df58e346f6ae2224163302bbc14815c6d612c1414b59663d3d9f730925499" score = 40 
@@ -278237,8 +278237,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtierforwindows_V_C190 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9407-L9425" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9407-L9425" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c190e4a7f1781ec9fa8c17506b4745a1369dcdf174ce07f85de1a66cf4b5ed8a" logic_hash = "v1_sha256_44017c1fab02aec40335b310646d9760ce4db2da785d08a430442a5afe9d4887" score = 40 @@ -278266,8 +278266,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9428-L9447" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9428-L9447" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4" logic_hash = "v1_sha256_beca5e85d2b29d6a37e9d783facf37bb375095ae5d47a8a2eff663afbc22ffc3" score = 40 
@@ -278296,8 +278296,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9450-L9469" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9450-L9469" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7d43769b353d63093228a59eb19bba87ce6b552d7e1a99bf34a54eee641aa0ea" logic_hash = "v1_sha256_5c3addc4d27338e1ed76b65327198acef97969b13e6ac8284153fcc1fd992b4d" score = 40 @@ -278326,8 +278326,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_7337 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9472-L9492" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9472-L9492" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "733789d0a253e8d80cc3240e365b8d4274e510e36007f6e4b5fd13b07b084c3e" hash = "d1463b7fec911c10a8c96d84eb7c0f9e95fa488d826647a591a38c0593f812a4" logic_hash = "v1_sha256_9f3772548952491a3c20cdecdba491017a7bb7c113360feae778426539e5d9b8" 
@@ -278357,8 +278357,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_ADC1 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9495-L9514" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9495-L9514" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "adc10de960f40fa9f6e28449748250fa9ddfd331115b77a79809a50c606753ee" logic_hash = "v1_sha256_896055705d276e007082616e944be968d90087798e3c4cfcc35c3ecaf3a781b0" score = 40 @@ -278387,8 +278387,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Sbiosiosys_Samsungrbiosio date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9517-L9537" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9517-L9537" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1e24c45ce2672ee403db34077c88e8b7d7797d113c6fd161906dce3784da627d" hash = "39336e2ce105901ab65021d6fdc3932d3d6aab665fe4bd55aa1aa66eb0de32f0" logic_hash = "v1_sha256_d9be90591690481e778ebb8a18c633d7ceccdaafa3989352d94bd1995e3470f4" 
@@ -278418,8 +278418,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9540-L9559" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9540-L9559" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "94911fe6f2aba9683b10353094caf71ee4a882de63b4620797629d79f18feec5" logic_hash = "v1_sha256_45bd63fd965c9c40b0d687af623f58922c708608a25e58b2c1ad436312e6284d" score = 40 @@ -278448,8 +278448,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Fujitsulimited_Advdrvsys_Microsoftrwindowsropera date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9562-L9580" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9562-L9580" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "04a85e359525d662338cae86c1e59b1d7aa9bd12b920e8067503723dc1e03162" logic_hash = "v1_sha256_7b98ca983166c65065b6fe146957ac438426c0ad2566016e0a61ca3be68f163e" score = 40 
@@ -278477,8 +278477,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Amdryzenmasterdriversys_Amd date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9583-L9602" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9583-L9602" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ff9623317287358440ec67da9ba79994d9b17b99ffdd709ec836478fe1fc22a5" logic_hash = "v1_sha256_d47eec2132d31ce4f4009456805e7b75e43054edf13c3f056416638cf3928e41" score = 40 @@ -278507,8 +278507,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sunmicrosystemsinc_Vboxtapsys_Virtualboxhostinte date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9605-L9624" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9605-L9624" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "cfa28e2f624f927d4cbd2952306570d86901d2f24e3d07cc6277e98289d09783" logic_hash = "v1_sha256_1fefb271c505de9c1d08d558a53f8150cb8724b1b97ac2014f30d2c593f05f6b" score = 40 
@@ -278537,8 +278537,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Generalelectriccompany_Gedevicedriver_Proficymac date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9627-L9647" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9627-L9647" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a369942ce8d4b70ebf664981e12c736ec980dbe5a74585dd826553c4723b1bce" hash = "ae73dd357e5950face9c956570088f334d18464cd49f00c56420e3d6ff47e8dc" logic_hash = "v1_sha256_e9af30ff414f7c42b656519453924a90be7cf567c5d5ac6c29713d6799a369c1" @@ -278568,8 +278568,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_85FD : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9650-L9669" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9650-L9669" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "85fdd255c5d7add25fd7cd502221387a5e11f02144753890218dd31a8333a1a3" logic_hash = "v1_sha256_dd2e7c64c1f0139e2c365e8f726e026c66857334dbfd29eda3ebffa483677b5f" score = 40 
@@ -278598,8 +278598,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_7CF7 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9672-L9691" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9672-L9691" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7cf756afcaf2ce4f8fb479fdede152a17eabf4c5c7c329699dab026a4c1d4fd0" logic_hash = "v1_sha256_f6570bb8a690a21b67637f265f36dbe8a3adb63e30c025216c25df73099ad173" score = 40 @@ -278628,8 +278628,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_7795 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9694-L9713" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9694-L9713" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "77950e2a40ac0447ae7ee1ee3ef1242ce22796a157074e6f04e345b1956e143c" logic_hash = "v1_sha256_f59507fdf64c5eca6139f149595b9919704fead73d4e66c93630ca6cf9582a82" score = 40 
@@ -278658,8 +278658,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_B019 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9716-L9735" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9716-L9735" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "b019ebd77ac19cdd72bba3318032752649bd56a7576723a8ae1cccd70ee1e61a" logic_hash = "v1_sha256_1ef6c4c199fad08babe5f4484444c157dfcfea891f392682689cf2df34088179" score = 40 @@ -278688,8 +278688,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevicesinc_Amdpowerprofilersys_Amdu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9738-L9757" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9738-L9757" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05" logic_hash = "v1_sha256_ac1fd75b411624e0f4cd6d455a61e1ac3c08d421182c4f9eb90698ee29eff77a" score = 40 
@@ -278718,8 +278718,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_074A : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9760-L9779" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9760-L9779" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "074ae477c8c7ae76c6f2b0bf77ac17935a8e8ee51b52155d2821d93ab30f3761" logic_hash = "v1_sha256_b76e7a17aa7da3d6a1972a40fbcaa4ca63edb4220b07d807ee54fea649b13a6d" score = 40 @@ -278748,8 +278748,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_98B7 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9782-L9801" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9782-L9801" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "98b734dda78c16ebcaa4afeb31007926542b63b2f163b2f733fa0d00dbb344d8" logic_hash = "v1_sha256_db97be0a54fc813022a609ffdabe0e0cff306ef894c560f75a43a4aa890590d5" score = 40 
@@ -278778,8 +278778,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtierforwindows_V_7A2C : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9804-L9822" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9804-L9822" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7a2cd1dc110d014165c001ce65578da0c0c8d7d41cc1fa44f974e8a82296fc25" logic_hash = "v1_sha256_01badc48c33814577b1a6000b4ff46473b48f85d8f8e8d6071d26b81d3cde22d" score = 40 @@ -278807,8 +278807,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_9A95 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9825-L9841" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9825-L9841" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9a95a70f68144980f2d684e96c79bdc93ebca1587f46afae6962478631e85d0c" logic_hash = "v1_sha256_3b699e2afa7e4c4284d725cc159b46a609e4020703bc0efc7ba6563084d67f0e" score = 40 
@@ -278834,8 +278834,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_19BF : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9844-L9863" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9844-L9863" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "19bf0d0f55d2ad33ef2d105520bde8fb4286f00e9d7a721e3c9587b9408a0775" logic_hash = "v1_sha256_b05c520a5816f2dc7a35319f7f5d11001c5d64cdee479e213ac95950acf26bfc" score = 40 @@ -278864,8 +278864,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_2BBC : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9866-L9882" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9866-L9882" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2bbc6b9dd5e6d0327250b32305be20c89b19b56d33a096522ee33f22d8c82ff1" logic_hash = "v1_sha256_d311a2d88741100de1ca65107b08418f0d5a3fc44e4e388faf3434f9fec77dcc" score = 40 
@@ -278891,8 +278891,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Logitechinc_Lvavsys_Logitechwebcamsoftware_E86C date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9885-L9904" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9885-L9904" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e86cb77de7b6a8025f9a546f6c45d135f471e664963cf70b381bee2dfd0fdef4" logic_hash = "v1_sha256_ffab2936594602db403cd2aa85e7dffdcb10ec199fe857b947ae3214492106d4" score = 40 @@ -278921,8 +278921,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Getactechnologycorporation_Mtcbsvsys_Getacsystem date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9907-L9926" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9907-L9926" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e6d1ee0455068b74cf537388c874acb335382876aa9d74586efb05d6cc362ae5" logic_hash = "v1_sha256_bdd3eb671365ee774f50c3bbffc33aaffb3651f92101a133d1ddcc8b4a495e8f" score = 40 
@@ -278951,8 +278951,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Hpinc_Hpportioxsys_Hpportio_C505 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9929-L9948" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9929-L9948" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5" logic_hash = "v1_sha256_6174ef1374e0dfd523f7dcdbbdaab1002a95040c1a33f26bf5145d5dcbf87b08" score = 40 @@ -278981,8 +278981,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiowxsys_Realtekiodriver_AB8F : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9951-L9970" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9951-L9970" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89" logic_hash = "v1_sha256_9be0907f77c5d4803a1ad7ac79cc42c15807a5b2d43e00a2448c6278ad5ea6c4" score = 40 
@@ -279011,8 +279011,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9973-L9992" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9973-L9992" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2ce81759bfa236913bbbb9b2cbc093140b099486fd002910b18e2c6e31fdc4f1" logic_hash = "v1_sha256_0ac2638aaea5a401222d1451281ba8dba8fe4ef43da24e5eecbdd6d57f7b1dbb" score = 40 @@ -279041,8 +279041,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Innotekgmbh_Vboxtapsys_Virtualboxhostinterfacene date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L9995-L10014" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L9995-L10014" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "994f322def98c99aec7ea0036ef5f4b802120458782ae3867d116d55215c56e4" logic_hash = "v1_sha256_25e4171bb112adf44101ca24c7d88e8a11a487b3c41d1f9eed29129c5621456b" score = 40 
@@ -279071,8 +279071,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_9254 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10017-L10036" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10017-L10036" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9254f012009d55f555418ff85f7d93b184ab7cb0e37aecdfdab62cfe94dea96b" logic_hash = "v1_sha256_cfe16d39c54ccb7ceca1e0fc1033a4d67a0bc9c62c27dcefabe07b68b947e688" score = 40 @@ -279101,8 +279101,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10039-L10058" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10039-L10058" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3af9c376d43321e813057ecd0403e71cafc3302139e2409ab41e254386c33ecb" logic_hash = "v1_sha256_84d9015bf6ddbfcd60052a6ffcf4bfa6a2c2f8748b3b7f21ad65c1c8377dc3cb" score = 40 
@@ -279131,8 +279131,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_4429 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10061-L10081" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10061-L10081" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b" hash = "a59c40e7470b7003e8adfee37c77606663e78d7e3f2ebb8d60910af19924d8df" logic_hash = "v1_sha256_3dd4326755957e11ca961eb87d0ccae5b63dc7ea4e9dc8e9c67e9c6d52bf894b" @@ -279162,8 +279162,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiowxsys_Realtekiodriver_32E1 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10084-L10103" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10084-L10103" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "32e1a8513eee746d17eb5402fb9d8ff9507fb6e1238e7ff06f7a5c50ff3df993" logic_hash = "v1_sha256_fd106f69d83d2b1aeb1fdaf16f5809b0fd0d200dec00292efd9bd62422e518a8" score = 40 
@@ -279192,8 +279192,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Micsystechnologycoltd_Msiosys_Msiodriverversion_ date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10106-L10125" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10106-L10125" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89" logic_hash = "v1_sha256_910724e7bac9c9c83e703be52e43f4cd88dda344127f2ebc7aee01981467e9e7" score = 40 @@ -279222,8 +279222,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10128-L10147" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10128-L10147" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1078af0c70e03ac17c7b8aa5ee03593f5decfef2f536716646a4ded1e98c153c" logic_hash = "v1_sha256_e565dcf1bdc8ebaf90c1e42bf3e72ce561cb95f5977809fb9082bb430353dd9b" score = 40 
@@ -279252,8 +279252,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Gigabytetechnologycoltd_Gdrvsys_Gigabytesoftware date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10150-L10169" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10150-L10169" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "26c28746e947389856543837aa59a5b1f4697e5721a04d00aa28151a2659b097" logic_hash = "v1_sha256_2a6f460b66c7e94dfead7bdb3dc46a181ba2e33b40fca1812f0b412daf0a46c4" score = 40 @@ -279282,8 +279282,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Interfacecorporation_Cpxcsys_Gpcxcdiobmpcicpci_0 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10172-L10192" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10172-L10192" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "05c15a75d183301382a082f6d76bf3ab4c520bf158abca4433d9881134461686" hash = "4b4ea21da21a1167c00b903c05a4e3af6c514ea3dfe0b5f371f6a06305e1d27f" logic_hash = "v1_sha256_485222f31dbe1e486e86c64b607de6742747b3ab2571adfc8c210205032b380b" 
@@ -279313,8 +279313,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_CC68 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10195-L10214" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10195-L10214" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64" logic_hash = "v1_sha256_26f1740a069d238aadb1922512e23184cb3cf34d9ef1ff1b942755a49fbd48b0" score = 40 @@ -279343,8 +279343,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_A209 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10217-L10236" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10217-L10236" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a2096b460e31451659b0dde752264c362f47254c8191930bc921ff16a4311641" logic_hash = "v1_sha256_33238c8b189c5aabe45b238a44fde02b6f9436329c8700ff5b64505784438e69" score = 40 
@@ -279373,8 +279373,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrcodenamelonghornddkprovider_Cpudriver_Wi date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10239-L10258" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10239-L10258" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "159e7c5a12157af92e0d14a0d3ea116f91c09e21a9831486e6dc592c93c10980" logic_hash = "v1_sha256_e4bcd8644bcc82c63d9d963aeb9a0a4250d8b3be3fb1122156148f4582fe6d48" score = 40 @@ -279403,8 +279403,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Proxydrvsys_Nn_0B20 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10261-L10280" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10261-L10280" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0b205838a8271daea89656b1ec7c5bb7244c42a8b8000d7697e92095da6b9b94" logic_hash = "v1_sha256_04460d4fa04b60519b0479baab3e07b389dfe255f43b3dcea3d13ca33dc84ded" score = 40 
@@ -279433,8 +279433,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_1DDF : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10283-L10302" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10283-L10302" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1ddfe4756f5db9fb319d6c6da9c41c588a729d9e7817190b027b38e9c076d219" logic_hash = "v1_sha256_23a5fb0826068df015769d604ff393d7d649b919efabd237a004c6946a358448" score = 40 @@ -279463,8 +279463,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_654C : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10305-L10324" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10305-L10324" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "654c5ba47f74008c8f49cbb97988017eec8c898adc3bb851bc6e1fdf9dcf54ad" logic_hash = "v1_sha256_f494a64914971b82f191becf020023de1139e5f466e5c1db9912d1d1edbdd0f2" score = 40 
@@ -279493,8 +279493,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Marvintestsolutionsinc_Hwsys_Hw_FD38 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10327-L10347" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10327-L10347" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c" hash = "6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5" logic_hash = "v1_sha256_9307a3f6003f6b88d4384aad37803597d7444bcfae806a9f3d59c9a1e59d56e5" @@ -279524,8 +279524,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10350-L10369" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10350-L10369" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6e0aa67cfdbe27a059cbd066443337f81c5b6d37444d14792d1c765d9d122dcf" logic_hash = "v1_sha256_79370b21c6049790a259feebf590222ef8c57bb1564401d68a960ae2c547639a" score = 40 
@@ -279554,8 +279554,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10372-L10391" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10372-L10391" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "a2f45d95d54f4e110b577e621fefa0483fa0e3dcca14c500c298fb9209e491c1" logic_hash = "v1_sha256_7fc1a629395b0558eecf2744dcb121a5b2cdbd51f4291a679f9526f21c4f21c0" score = 40 @@ -279584,8 +279584,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Aoddriversys_Amdoverdrivese date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10394-L10413" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10394-L10413" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "81d54ebef1716e195955046ffded498a5a7e325bf83e7847893aa3b0b3776d05" logic_hash = "v1_sha256_fc91d46473eecbc49e074df0c05a1dfee352d3607f9393a6836e37a1c071bdf6" score = 40 
@@ -279614,8 +279614,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_EC9B : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10416-L10435" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10416-L10435" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ec9bd7fb90c3a2aa4605bd73fe1f74399e2cda75fd4c5fff84660ad4f797c4fe" logic_hash = "v1_sha256_e16906686623895cf9d6e3c58701f32d44b50b1fe85b95dcf3a8978a62f06a3c" score = 40 @@ -279644,8 +279644,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_D7C7 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10438-L10457" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10438-L10457" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d7c79238f862b471740aff4cc3982658d1339795e9ec884a8921efe2e547d7c3" logic_hash = "v1_sha256_146b74a7750951a07d2e8b64d25e0c0371fc6295b2ee843cf6a7d67c272555a7" score = 40 
@@ -279674,8 +279674,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorporation_Nvflash_Nvidiaflashdriver_AFDD date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10460-L10479" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10460-L10479" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "afdd66562dea51001c3a9de300f91fc3eb965d6848dfce92ccb9b75853e02508" logic_hash = "v1_sha256_f23537a1efc5e13efb9e145d6c04bb21c3dc7cd49d1913755528f08b94c316ac" score = 40 @@ -279704,8 +279704,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_F85E : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10482-L10501" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10482-L10501" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f85eb576acb5db0d2f48e5f09a7244165a876fa1ca8697ebb773e4d7071d4439" logic_hash = "v1_sha256_71bef9b60efad8f7bc149d93b94c37e59fd42f01ee01d7964c39ef0d79b997e0" score = 40 
@@ -279734,8 +279734,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Vektortsecurityservice_Vboxdrv_Antidetectpublicb date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10504-L10523" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10504-L10523" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "26f41e4268be59f5de07552b51fa52d18d88be94f8895eb4a16de0f3940cf712" logic_hash = "v1_sha256_913dc412be3eaa31903d3fac94e07174789bb746bb382a5f1c08fea50541f6c6" score = 40 @@ -279764,8 +279764,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3C42 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10526-L10545" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10526-L10545" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3c4207c90c97733fae2a08679d63fbbe94dfcf96fdfdf88406aa7ab3f80ea78f" logic_hash = "v1_sha256_b3e67939d8f6e6121c3d36dfe5ccb01c9cd2a2d5488053a9834c7cb147ac250e" score = 40 
@@ -279794,8 +279794,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Atsziosys_Atsziodriver_55A1 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10548-L10568" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10548-L10568" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "55a1535e173c998fbbc978009b02d36ca0c737340d84ac2a8da73dfc2f450ef9" hash = "c64d4ac416363c7a1aa828929544d1c1d78cf032b39769943b851cfc4c0faafc" logic_hash = "v1_sha256_a6c5fd6c88e08f663479840ae853a0dd22427d0059f0c6aa961dcc1a395dacce" 
@@ -279825,8 +279825,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Sbiosiosys_Samsungrbiosio date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10571-L10591" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10571-L10591" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "b3d1bdd4ad819b99870b6e2ed3527dfc0e3ce27b929ad64382b9c3d4e332315c" hash = "442d506c1ac1f48f6224f0cdd64590779aee9c88bdda2f2cc3169b862cba1243" logic_hash = "v1_sha256_5bcc568a4f4edc03e51801c4b256b34ed7f7ae08b7e00ca3f4bd7559502e3c76" @@ -279856,8 +279856,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_1AAF : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10594-L10613" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10594-L10613" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1aaf4c1e3cb6774857e2eef27c17e68dc1ae577112e4769665f516c2e8c4e27b" logic_hash = "v1_sha256_e441204be274ce4379526096008b545e2a53b11c26c270c2df0c1f70b98d1e57" score = 40 
@@ -279886,8 +279886,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10616-L10635" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10616-L10635" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1698ba7eeee6ff9272cc25b242af89190ff23fd9530f21aa8f0f3792412594f3" logic_hash = "v1_sha256_be362e0f19f3565a77b1dbd78ea04f85b7f56fd6889d8fa48ed9ded25134bc2e" score = 40 @@ -279916,8 +279916,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_C901 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10638-L10657" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10638-L10657" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c9014b03866bf37faa8fdb16b6af7cfec976aaef179fd5797d0c0bf8079d3a8c" logic_hash = "v1_sha256_2320a0cc02aa28c6495f553b2c7c9c0486599e510d8378dfb3f15b988ff90983" score = 40 
@@ -279946,8 +279946,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Symanteccorporation_Vproeventmonitorsys_Symantec date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10660-L10679" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10660-L10679" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7877c1b0e7429453b750218ca491c2825dae684ad9616642eff7b41715c70aca" logic_hash = "v1_sha256_693ace66d01afcdd61fe23a3baa8b950153d38bdc386a43861005654c269cd3d" score = 40 @@ -279976,8 +279976,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Wj_Kprocesshacker_C725 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10682-L10700" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10682-L10700" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c725919e6357126d512c638f993cf572112f323da359645e4088f789eb4c7b8c" logic_hash = "v1_sha256_78c3a92f79cbbc31d9191da527bf834e366454f1b5109600aca7954ca4e77226" score = 40 
@@ -280005,8 +280005,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpot_Avastantivirus_7AD0 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10703-L10722" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10703-L10722" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7ad0ab23023bc500c3b46f414a8b363c5f8700861bc4745cecc14dd34bcee9ed" logic_hash = "v1_sha256_2cfb950364b5259679e0dcc7ebe34fd6703ae376b5e1717428a88f0c2ba823f5" score = 40 @@ -280035,8 +280035,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_83A1 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10725-L10744" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10725-L10744" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "83a1fabf782d5f041132d7c7281525f6610207b38f33ff3c5e44eb9444dd0cbc" logic_hash = "v1_sha256_16b76760cc8831b7e53cb5f12625cd1dcd059253aa195d763011ccc1cf48a2c5" score = 40 
@@ -280065,8 +280065,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_C082 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10747-L10766" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10747-L10766" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c082514317bf80a2f5129d84a5a55e411a95e32d03a4df1274537704c80e41dd" logic_hash = "v1_sha256_de63522d95ff422588d388c3533e268bd09fcf895d60277b7f7470ca7b1e9a33" score = 40 @@ -280095,8 +280095,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Creativetechnologyinnovationcoltd_Ctiiosys_Ctiio date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10769-L10788" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10769-L10788" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2121a2bb8ebbf2e6e82c782b6f3c6b7904f686aa495def25cf1cf52a42e16109" logic_hash = "v1_sha256_58b715cbea724f7d8f946f613ec35fc3bf29cc34c1e32ebc2910d73092f96d83" score = 40 
@@ -280125,8 +280125,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ssmartsoftwaresolutionsgmbh_Sysdrvs_Sysdrvs_0E53 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10791-L10810" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10791-L10810" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0e53b58415fa68552928622118d5b8a3a851b2fc512709a90b63ba46acda8b6b" logic_hash = "v1_sha256_4d165a6f340f31b18e62ae9f35dd1c5e278217b949e6162119f0e512a262dc38" score = 40 @@ -280155,8 +280155,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_14AD : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10813-L10832" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10813-L10832" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "14adbf0bc43414a7700e5403100cff7fc6ade50bebfab16a17acf2fdda5a9da8" logic_hash = "v1_sha256_157a559b87310d33a96c77208afd4ae9ceea23df99417408e413dee0be507dd3" score = 40 
@@ -280185,8 +280185,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Geintelligentplatformsinc_Gedevicedriver_Proficy date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10835-L10855" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10835-L10855" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "cac5dc7c3da69b682097144f12a816530091d4708ca432a7ce39f6abe6616461" hash = "51145a3fa8258aac106f65f34159d23c54b48b6d54ec0421748b3939ab6778eb" logic_hash = "v1_sha256_f3c26142b2f18490c79ea7a658397b9c029286a3040bf2159e3fcc76c4bbd788" @@ -280216,8 +280216,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrserverddkprovider_Cpuzsys_Windowsrserver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10858-L10877" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10858-L10877" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "3871e16758a1778907667f78589359734f7f62f9dc953ec558946dcdbe6951e3" logic_hash = "v1_sha256_5613c77f79128bc7ac3bbe698dcd8be2fca2f59cb60a40ed97f0c80ba9aff690" score = 40 
@@ -280246,8 +280246,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Lowleveldriver_F941 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10880-L10896" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10880-L10896" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "f9418b5e90a235339a4a1a889490faca39cd117a51ba4446daa1011da06c7ecd" logic_hash = "v1_sha256_fdc81fdc11ac6db386f4c41c2c34ab9dbd8dd93836a6a91b9412288eca7f0411" score = 40 @@ -280273,8 +280273,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_37C6 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10899-L10918" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10899-L10918" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9" logic_hash = "v1_sha256_7ab6c3fe4c9cd61c171a71d631a8efc34121bac85e1abf5f281b150f4b6a77a5" score = 40 
@@ -280303,8 +280303,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Toshibacorporation_Nchgbiosxsys_Toshibabiospacka date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10921-L10940" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10921-L10940" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073" logic_hash = "v1_sha256_ce2da14c74299d4ad3ab5b882de8bfe810444f21711f2417291bd0298a480e71" score = 40 @@ -280333,8 +280333,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_5439 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10943-L10960" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10943-L10960" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91" hash = "ab2632a4d93a7f3b7598c06a9fdc773a1b1b69a7dd926bdb7cf578992628e9dd" logic_hash = "v1_sha256_d43a364d3f39951140fa3b3395f1d74c306558a6c6946f665873e72377345949" 
@@ -280361,8 +280361,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10963-L10982" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10963-L10982" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "30abc0cc700fdebc74e62d574addc08f6227f9c7177d9eaa8cbc37d5c017c9bb" logic_hash = "v1_sha256_7e1f69495559ca298a05ef6fb3817799b09d66013bae574ec585d27ef89b4dcc" score = 40 @@ -280391,8 +280391,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_DE8F : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L10985-L11001" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L10985-L11001" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "de8f8006d8ee429b5f333503defa54b25447f4ed6aeade5e4219e23f3473ef1c" logic_hash = "v1_sha256_0cb5b26dd0cd26c77df642ea6bfffdcede293cdb1ecc15430241ab538f835162" score = 40 
@@ -280418,8 +280418,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11004-L11023" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11004-L11023" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0fc0644085f956706ea892563309ba72f0986b7a3d4aa9ae81c1fa1c35e3e2d3" logic_hash = "v1_sha256_be5fef829971251225d9cbb72d173affd394c8cce6116b0b705c4b02409b6096" score = 40 @@ -280448,8 +280448,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Supermicrocomputerinc_Phymem_Phymem_1963 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11026-L11045" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11026-L11045" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1963d5a0e512b72353953aadbe694f73a9a576f0241a988378fa40bf574eda52" logic_hash = "v1_sha256_8f4cdca4c4bc91f216ee3d89093d482d6e56623a159c3eae6debc388cb9d108f" score = 40 
@@ -280478,8 +280478,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11048-L11068" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11048-L11068" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "16a2e578bc8683f17a175480fea4f53c838cfae965f1d4caa47eaf9e0b3415c1" hash = "98a123b314cba2de65f899cdbfa386532f178333389e0f0fbd544aff85be02eb" logic_hash = "v1_sha256_ee91ed74d1577bc881a029a6790de6d41e0b9494bfeeceec4511b3d8b7c5cff2" @@ -280509,8 +280509,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Vektortsecurityservice_Vboxdrv_Antidetectpublic_ date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11071-L11090" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11071-L11090" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "cfb7af8ac67a379e7869289aeee21837c448ea6f8ab6c93988e7aa423653bd40" logic_hash = "v1_sha256_8611a572b8366722e237d622b3701072f564f13a73dd71899dbde6faeab73ef8" score = 40 
@@ -280539,8 +280539,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sunmicrosystemsinc_Vboxdrvsys_Sunvirtualbox_R_C8 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11093-L11112" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11093-L11112" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c8940e2e9b069ec94f9f711150b313b437f8429f78d522810601b6ee8b52bada" logic_hash = "v1_sha256_4f0a6ffa08a2c219e47c6ae13f6cc6914fe7d0dccb0273bf0905dd9a71eb439f" score = 40 @@ -280569,8 +280569,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Pinduoduoltdcorp_Vboxdrv_Pinduoduosecurevdi_9DAB date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11115-L11134" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11115-L11134" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9dab4b6fddc8e1ec0a186aa8382b184a5d52cfcabaaf04ff9e3767021eb09cf4" logic_hash = "v1_sha256_894060011b20c84849499127305d8f1d45621c5893f74d59c9278067a329a4d2" score = 40 
@@ -280599,8 +280599,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_18DE : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11137-L11156" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11137-L11156" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "18deed37f60b6aa8634dda2565a0485452487d7bce88afb49301a7352db4e506" logic_hash = "v1_sha256_d01aeb1783377e6067976e6955e63495706c96c8d6c113b393a47e6fe17992f0" score = 40 @@ -280629,8 +280629,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11159-L11178" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11159-L11178" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8cfd5b2102fbc77018c7fe6019ec15f07da497f6d73c32a31f4ba07e67ec85d9" logic_hash = "v1_sha256_5bc5d8a6cd02e9a684515ea333084c788353641cb29ff08f18a1066d533cf0ed" score = 40 
@@ -280659,8 +280659,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_D5C4 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11181-L11200" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11181-L11200" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "d5c4ff35eaa74ccdb80c7197d3d113c9cd38561070f2aa69c0affe8ed84a77c9" logic_hash = "v1_sha256_d6ad094f2e26ff574917770a94af31110f2ed68e47ee082ad4adfcd7376679a5" score = 40 @@ -280689,8 +280689,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Wj_Kprocesshacker_7021 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11203-L11221" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11203-L11221" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4" logic_hash = "v1_sha256_e5d17a5b57183c3a27815b5b64014e9d95f49129cd451c62380ba8e1b4d25be6" score = 40 
@@ -280718,8 +280718,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_76E8 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11224-L11243" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11224-L11243" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "76e807b6c0214e66455f09a8de8faad40b738982ca84470f0043de0290449524" logic_hash = "v1_sha256_0a9822cd471bb7fdaab454e824e31e1dcd685f9226c4fa34af4f13dd228dc97b" score = 40 @@ -280748,8 +280748,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_5148 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11246-L11265" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11246-L11265" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "51480eebbbfb684149842c3e19a8ffbd3f71183c017e0c4bc6cf06aacf9c0292" logic_hash = "v1_sha256_b36414a71e9bd69512ef0c702bf4f7b4bfdb812326a67a0e50f6f75f5c89c152" score = 40 
@@ -280778,8 +280778,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Biostargroup_Iodriver_Biostariodriver_1D03 : FIL date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11268-L11287" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11268-L11287" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8" logic_hash = "v1_sha256_26e886b28b40a920558a652197a0d7a31fc5f7b239d3886fdf0f44da4590dabb" score = 40 @@ -280808,8 +280808,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11290-L11309" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11290-L11309" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e2e79f1e696f27fa70d72f97e448081b1fa14d59cbb89bb4a40428534dd5c6f6" logic_hash = "v1_sha256_9f77c427b54f1a940547cfc206b8d1aed0288d0664a5a124785c7fcec7b90507" score = 40 
@@ -280838,8 +280838,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11312-L11331" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11312-L11331" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "b2247e68386c1bdfd48687105c3728ebbad672daffa91b57845b4e49693ffd71" logic_hash = "v1_sha256_e1d35eb3ea6012cf8b742e97f08d797b4fd64bcc72bd7ebccb8ca33f11afad67" score = 40 @@ -280868,8 +280868,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_5F69 : FI date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11334-L11353" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11334-L11353" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5f69d6b167a1eeca3f6ac64785c3c01976ee7303171faf998d65852056988683" logic_hash = "v1_sha256_0242a0398f90468dfc41eb04570a70d5072fe089b270feb1f5ab7fbd2c7a1ffc" score = 40 
@@ -280898,8 +280898,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_5E3B : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11356-L11375" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11356-L11375" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "5e3bc2d7bc56971457d642458563435c7e5c9c3c7c079ef5abeb6a61fb4d52ea" logic_hash = "v1_sha256_893fe9de3a164fd33483d139e76db4c213c402f276bd285c9acefd76da1d2f38" score = 40 @@ -280928,8 +280928,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11378-L11397" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11378-L11397" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9dee9c925f7ea84f56d4a2ad4cf9a88c4dac27380887bf9ac73e7c8108066504" logic_hash = "v1_sha256_e7f65896009629498b16fdacd7dcdaafae8336365e621f791e880c108bbab75b" score = 40 
@@ -280958,8 +280958,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_9679 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11400-L11419" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11400-L11419" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "9679758455c69877fce866267d60c39d108b495dca183954e4af869902965b3d" logic_hash = "v1_sha256_fa486cd644c20c827abc8568933d8537c254cff445f2aef520775e119b6db067" score = 40 @@ -280988,8 +280988,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_8137 : FILE date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11422-L11441" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11422-L11441" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8137ce22d0d0fc5ea5b174d6ad3506a4949506477b1325da2ccb76511f4c4f60" logic_hash = "v1_sha256_cd4ace0ee1000ec8367bdca57423f311d0993d54359e4b3ca6a503738ba07b3b" score = 40 
@@ -281018,8 +281018,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asmediatechnologyinc_Asmiosys_Asmediapcidriver_E date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11444-L11463" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11444-L11463" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e4658d93544f69f5cb9aa6d9fec420fecc8750cb57e1e9798da38c139d44f2eb" logic_hash = "v1_sha256_93c9c472f0664eabf5aeba70babe66f974fd79eaf37b65987c396e35faea4d4b" score = 40 @@ -281048,8 +281048,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_4DA0 : date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_vuln_drivers_strict.yar#L11466-L11485" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_vuln_drivers_strict.yar#L11466-L11485" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "4da08c0681fbe028b60a1eaf5cb8890bd3eba4d0e6a8b976495ddcd315e147ba" logic_hash = "v1_sha256_c8f2c5a171d1a7192a2eaeae0ab70ce97956b93e68db7a41265e54480bd582f1" score = 40 
@@ -281078,8 +281078,8 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Windbgsys_Microsoftwindowsoperat date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L2-L37" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L2-L37" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6994b32e3f3357f4a1d0abe81e8b62dd54e36b17816f2f1a80018584200a1b77" hash = "5b932eab6c67f62f097a3249477ac46d80ddccdc52654f8674060b4ddf638e5d" hash = "ea50f22daade04d3ca06dedb497b905215cba31aae7b4cab4b533fda0c5be620" @@ -281124,8 +281124,8 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_AAF0 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L40-L98" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L40-L98" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "aaf04d89fd15bc61265e545f8e1da80e20f59f90058ed343c62ee24358e3af9e" hash = "4b97d63ebdeda6941bb8cef5e94741c6cca75237ca830561f2262034805f0919" hash = "c42c1e5c3c04163bf61c3b86b04a5ec7d302af7e254990cef359ac80474299da" 
@@ -281193,8 +281193,8 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_DDF4 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L101-L134" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L101-L134" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "ddf427ce55b36db522f638ba38e34cd7b96a04cb3c47849b91e7554bfd09a69a" hash = "bcb774b6f6ff504d2db58096601bc5cb419c169bfbeaa3af852417e87d9b2aa0" hash = "af4f42197f5ce2d11993434725c81ecb6f54025110dedf56be8ffc0e775d9895" @@ -281237,8 +281237,8 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_0F58 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L137-L169" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L137-L169" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0f58e09651d48d2b1bcec7b9f7bb85a2d1a7b65f7a51db281fe0c4f058a48597" hash = "087270d57f1626f29ba9c25750ca19838a869b73a1f71af50bdf37d6ff776212" hash = "0d676baac43d9e2d05b577d5e0c516fba250391ab0cb11232a4b17fd97a51e35" 
@@ -281280,8 +281280,8 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_7662 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L172-L213" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L172-L213" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "7662187c236003308a7951c2f49c0768636c492f8935292d02f69e59b01d236d" hash = "a85d3fd59bb492a290552e5124bfe3f9e26a3086d69d42ccc44737b5a66673ec" hash = "60ee78a2b070c830fabb54c6bde0d095dff8fad7f72aa719758b3c41c72c2aa9" @@ -281332,8 +281332,8 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_14B8 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L216-L265" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L216-L265" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "14b89298134696f2fd1b1df0961d36fa6354721ea92498a349dc421e79447925" hash = "36c65aeb255c06898ffe32e301030e0b74c8bca6fe7be593584b8fdaacd4e475" hash = "673bbc7fa4154f7d99af333014e888599c27ead02710f7bc7199184b30b38653" 
@@ -281392,8 +281392,8 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_41AD date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L268-L302" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L268-L302" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "41ad660820c41fc8b1860b13dc1fea8bc8cb2faceb36ed3e29d40d28079d2b1f" hash = "a7a665a695ec3c0f862a0d762ad55aff6ce6014359647e7c7f7e3c4dc3be81b7" hash = "9a42fa1870472c38a56c0a70f62e57a3cdc0f5bc142f3a400d897b85d65800ac" @@ -281437,8 +281437,8 @@ rule LOLDRIVERS_MAL_Driver_Sensecorp_42B2 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L305-L321" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L305-L321" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "42b22faa489b5de936db33f12184f6233198bdf851a18264d31210207827ba25" logic_hash = "v1_sha256_72e213913bf4317fa0751775e6a1a82ba2706e79c52fcd3e2c8ca69050e3a9d7" score = 70 
@@ -281464,8 +281464,8 @@ rule LOLDRIVERS_MAL_Driver_Legalcorp_Pciexpressvideocapture_FD22 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L324-L342" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L324-L342" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "fd223833abffa9cd6cc1848d77599673643585925a7ee51259d67c44d361cce8" logic_hash = "v1_sha256_4c47a159595f420c520e6924238bd260f49ccf163208713c72c62638b13756d9" score = 70 @@ -281493,8 +281493,8 @@ rule LOLDRIVERS_MAL_Driver_Gmer_Gmersys_Gmer_0052 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L345-L365" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L345-L365" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "0052aa88e42055a2eed5ddd17c3499c692360155e5e031a211edfcef577acce3" hash = "18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7" logic_hash = "v1_sha256_1644a972cb9bde33e5e8ec078b0ee67b34b6a298504895f364260b96a453a3ba" 
@@ -281524,8 +281524,8 @@ rule LOLDRIVERS_MAL_Driver_Mimidrv_Mimidrvmimikatz_2FAF date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L368-L384" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L368-L384" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2faf95a3405578d0e613c8d88d534aa7233da0a6217ce8475890140ab8fb33c8" logic_hash = "v1_sha256_e7b3f0a8f5a91896f7d487a39c622b12fc7488f9f80c80b6b551e7e5f6a67f18" score = 70 @@ -281551,8 +281551,8 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_2FD4 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L387-L408" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L387-L408" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "2fd43a749b5040ebfafd7cdbd088e27ef44341d121f313515ebde460bf3aaa21" hash = "7824931e55249a501074a258b4f65cd66157ee35672ba17d1c0209f5b0384a28" hash = "28f5aa194a384680a08c0467e94a8fc40f8b0f3f2ac5deb42e0f51a80d27b553" 
@@ -281583,8 +281583,8 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Ntbiosys_Microsoftrwindowsrntope date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L411-L431" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L411-L431" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "c0d88db11d0f529754d290ed5f4c34b4dba8c4f2e5c4148866daabeab0d25f9c" hash = "96bf3ee7c6673b69c6aa173bb44e21fa636b1c2c73f4356a7599c121284a51cc" logic_hash = "v1_sha256_74ad0b57644d82a77bc902786250156f5e3700671bdf9765055b5908dc345a67" 
@@ -281614,8 +281614,8 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Wintapixsys_Microsoftwindowsoper date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L434-L454" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L434-L454" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "8578bff36e3b02cc71495b647db88c67c3c5ca710b5a2bd539148550595d0330" hash = "1485c0ed3e875cbdfc6786a5bd26d18ea9d31727deb8df290a1c00c780419a4e" logic_hash = "v1_sha256_dd85f0dc471425fe692e5a51580a97facdaea45505c48b5e01dd6dbc975f2ffe" @@ -281645,8 +281645,8 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Wantdsys_Microsoftwindowsoperati date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L457-L479" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L457-L479" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e" hash = "b9dad0131c51e2645e761b74a71ebad2bf175645fa9f42a4ab0e6921b83306e3" hash = "8d9a2363b757d3f127b9c6ed8f7b8b018e652369bc070aa3500b3a978feaa6ce" 
@@ -281678,8 +281678,8 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_30E0 date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L482-L502" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L482-L502" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "30e083cd7616b1b969a92fd18cf03097735596cce7fcf3254b2ca344e526acc2" hash = "a906251667a103a484a6888dca3e9c8c81f513b8f037b98dfc11440802b0d640" logic_hash = "v1_sha256_e2c964f7e30da210778e8a2e5bb96d53485a0736cf3ff28bccbefacb6b46765a" @@ -281709,8 +281709,8 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Wantdsys_Microsoftwindowsoperati date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L505-L524" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L505-L524" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "6908ebf52eb19c6719a0b508d1e2128f198d10441551cbfb9f4031d382f5229f" logic_hash = "v1_sha256_9cde0a399b852038979993375be2a6d0f9f9f760381e94df0190256e8810949f" score = 70 
@@ -281739,8 +281739,8 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Srvnetsys_Microsoftwindowsoperat
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L527-L546"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L527-L546"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "f6c316e2385f2694d47e936b0ac4bc9b55e279d530dd5e805f0d963cb47c3c0d"
 logic_hash = "v1_sha256_ab1aea5cec71668c0e35ea149b9e537c8468738c3b3e70382ebedf51bb8729d0"
 score = 70
@@ -281769,8 +281769,8 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Wantdsys_Microsoftwindowsoperati
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L549-L568"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L549-L568"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "81c7bb39100d358f8286da5e9aa838606c98dfcc263e9a82ed91cd438cb130d1"
 logic_hash = "v1_sha256_ec9e321bbc89bffb6243e3edde45e60dc06513e88dfb9a262768ef081db60c5b"
 score = 70
@@ -281799,8 +281799,8 @@ rule LOLDRIVERS_MAL_Driver_773B
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L571-L585"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L571-L585"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "773b4a1efb9932dd5116c93d06681990759343dfe13c0858d09245bc610d5894"
 logic_hash = "v1_sha256_5e01850384ac0dc0e9f33e3e217e0e824cfe3c2bb46feff94dffa070f2f7c9a0"
 score = 70
@@ -281824,8 +281824,8 @@ rule LOLDRIVERS_MAL_Driver_Sensecorp_7F45
 date = "2024-08-07"
 modified = "2024-08-07"
 reference = "https://github.com/magicsword-io/LOLDrivers"
- source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L588-L604"
- license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE"
+ source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L588-L604"
+ license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE"
 hash = "7f4555a940ce1156c9bcea9a2a0b801f9a5e44ec9400b61b14a7b1a6404ffdf6"
 logic_hash = "v1_sha256_dbef723d7e44da110675402fc13708c5b077eeb6a66c1772885f5879d795ec4e"
 score = 70
@@ -281851,8 +281851,8 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Ndislansys_Microsoftwindowsopera date = "2024-08-07" modified = "2024-08-07" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/detections/yara/yara-rules_mal_drivers.yar#L607-L626" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/c9f1c82aac6d9d4c2e472375af843110e0f9b663/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/detections/yara/yara-rules_mal_drivers.yar#L607-L626" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/23108d3a3a01afb30b93e1fd32d8f0a750159f4c/LICENSE" hash = "b0eb4d999e4e0e7c2e33ff081e847c87b49940eb24a9e0794c6aa9516832c427" logic_hash = "v1_sha256_4b92b69636dea19a23172def47e9a1bbd4507075ec118b48db30fec377b8fbff" score = 70 @@ -281876,7 +281876,7 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Ndislansys_Microsoftwindowsopera * YARA Rule Set * Repository Name: Signature Base * Repository: https://github.com/Neo23x0/signature-base - * Retrieval Date: 2024-12-15 + * Retrieval Date: 2024-12-22 * Git Commit: 7f13b425aac90a00c208de8e3b28751b5aba3c45 * Number of Rules: 4294 * Skipped: 0 (age), 6 (quality), 4 (score), 0 (importance) @@ -283403,8 +283403,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Pipe_Backdoor : FILE condition: uint16( 0 ) == 0x5A4D and ( all of ( $a* ) ) and filesize < 100000 } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Apt_Projectsauron_Encrypted_LSA : FILE { 
@@ -283435,8 +283435,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Encrypted_LSA : FILE condition: uint16( 0 ) == 0x5A4D and ( any of ( $a* ) or ( pe.exports ( "InitializeChangeNotify" ) and pe.exports ( "PasswordChangeNotify" ) and math.entropy ( 0x400 , filesize ) >= 7.5 ) ) and filesize < 1000000 } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Apt_Projectsauron_Encrypted_SSPI : FILE { @@ -297633,8 +297633,8 @@ rule SIGNATURE_BASE_CN_Actor_Ammyyadmin : FILE condition: ( uint16( 0 ) == 0x5a4d and filesize < 2000KB and all of them ) } -import "pe" import "math" +import "pe" rule SIGNATURE_BASE_Susp_File_Enumerator_With_Encrypted_Resource_101 : FILE { @@ -349616,7 +349616,7 @@ rule SIGNATURE_BASE_TA17_293A_Energetic_Bear_Api_Hashing_Tool : FILE description = "Energetic Bear API Hashing Tool" author = "CERT RE Team" id = "4e58800a-9618-5d8b-954c-e843be6002c2" - date = "2024-02-15" + date = "2024-02-22" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" source_url = "https://github.com/Neo23x0/signature-base/blob/7f13b425aac90a00c208de8e3b28751b5aba3c45/yara/apt_ta17_293A.yar#L77-L93"