Sponsored by Hudson Rock – Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business
ransomhouse.yarrule RansomHouse {
meta:
description = "rule to detect RansomHouse"
author = "ShadowStackRe.com"
date = "2024-02-20"
Rule_Version = "v1"
malware_type = "ransomware"
malware_family = "RansomHouse"
License = "MIT License, https://opensource.org/license/mit/"
strings:
$strFileExt = ".emario"
$strRestore = "How To Restore Your Files.txt"
$strEncrypted = "/path/to/be/encrypted"
$strCrypted = "Crypted:"
condition:
filesize < 100KB and all of ($str*)
}