YARA Detection Rules

340 groups with published YARA rules · 340 rules · 290.8 KB total. Mirrored from ransomware.live.

Groups with detection rules

#	Group	Rules	Total size
1	0apt	1	0.4 KB	Download JSON
2	0mega	1	0.4 KB	Download JSON
3	8base	1	0.8 KB	Download JSON
4	abrahams_ax	1	0.5 KB	Download JSON
5	abyss	1	0.4 KB	Download JSON
6	adminlocker	1	0.5 KB	Download JSON
7	againstthewest	1	0.5 KB	Download JSON
8	agl0bgvycg	1	0.5 KB	Download JSON
9	ailock	1	1.1 KB	Download JSON
10	akira	1	2.1 KB	Download JSON
11	ako	1	0.4 KB	Download JSON
12	alp-001	1	0.4 KB	Download JSON
13	alphalocker	1	0.5 KB	Download JSON
14	alphv	1	1.1 KB	Download JSON
15	anubis	1	0.4 KB	Download JSON
16	apos	1	0.4 KB	Download JSON
17	apt73	1	0.4 KB	Download JSON
18	arcusmedia	1	0.5 KB	Download JSON
19	argonauts	1	0.5 KB	Download JSON
20	arkana	1	0.4 KB	Download JSON
21	arvinclub	1	0.5 KB	Download JSON
22	atomsilo	1	0.4 KB	Download JSON
23	auditteam	1	0.5 KB	Download JSON
24	aurora	1	0.4 KB	Download JSON
25	avaddon	1	0.9 KB	Download JSON
26	avos	1	0.4 KB	Download JSON
27	avoslocker	1	0.9 KB	Download JSON
28	aware	1	0.4 KB	Download JSON
29	aztroteam	1	0.5 KB	Download JSON
30	babuk	1	3.7 KB	Download JSON
31	babuk2	1	0.4 KB	Download JSON
32	babyduck	1	0.4 KB	Download JSON
33	beast	1	0.9 KB	Download JSON
34	benzona	1	0.4 KB	Download JSON
35	bert	1	0.4 KB	Download JSON
36	bianlian	1	0.8 KB	Download JSON
37	blackbasta	1	7.3 KB	Download JSON
38	blackbyte	1	1.5 KB	Download JSON
39	blacklock	1	0.5 KB	Download JSON
40	blackmatter	1	0.5 KB	Download JSON
41	blacknevas	1	0.5 KB	Download JSON
42	blackout	1	0.4 KB	Download JSON
43	blackshadow	1	0.5 KB	Download JSON
44	blackshrantac	1	0.5 KB	Download JSON
45	blacksuit	1	2.1 KB	Download JSON
46	blacktor	1	0.4 KB	Download JSON
47	blackwater	1	0.5 KB	Download JSON
48	bluebox	1	0.4 KB	Download JSON
49	bluelocker	1	1.0 KB	Download JSON
50	bluesky	1	0.4 KB	Download JSON
51	bonacigroup	1	0.5 KB	Download JSON
52	bqtlock	1	0.4 KB	Download JSON
53	braincipher	1	0.5 KB	Download JSON
54	bravox	1	0.4 KB	Download JSON
55	brotherhood	1	0.5 KB	Download JSON
56	cactus	1	1.0 KB	Download JSON
57	cephalus	1	0.4 KB	Download JSON
58	chaos	1	1.4 KB	Download JSON
59	cheers	1	0.4 KB	Download JSON
60	chilelocker	1	0.5 KB	Download JSON
61	chort	1	0.4 KB	Download JSON
62	cicada3301	1	0.9 KB	Download JSON
63	ciphbit	1	0.4 KB	Download JSON
64	cipherforce	1	0.5 KB	Download JSON
65	cloak	1	0.5 KB	Download JSON
66	clop	1	9.9 KB	Download JSON
67	cmdorganization	1	0.5 KB	Download JSON
68	coinbasecartel	1	0.5 KB	Download JSON
69	contfr	1	0.4 KB	Download JSON
70	conti	1	0.9 KB	Download JSON
71	cooming	1	0.4 KB	Download JSON
72	crazyhunter	1	0.4 KB	Download JSON
73	crosslock	1	0.5 KB	Download JSON
74	cry0	1	0.4 KB	Download JSON
75	crylock	1	0.4 KB	Download JSON
76	cryp70n1c0d3	1	0.5 KB	Download JSON
77	cryptbb	1	0.4 KB	Download JSON
78	cryptnet	1	0.4 KB	Download JSON
79	crypto24	1	0.4 KB	Download JSON
80	cuba	1	0.9 KB	Download JSON
81	cyclops	1	0.4 KB	Download JSON
82	d4rk4rmy	1	0.4 KB	Download JSON
83	dagonlocker	1	0.5 KB	Download JSON
84	daixin	1	0.4 KB	Download JSON
85	dan0n	1	0.4 KB	Download JSON
86	darkangels	1	0.5 KB	Download JSON
87	darkbit	1	0.4 KB	Download JSON
88	darkleakmarket	1	0.5 KB	Download JSON
89	darkpower	1	0.4 KB	Download JSON
90	darkrace	1	0.4 KB	Download JSON
91	darkside	1	0.4 KB	Download JSON
92	darkvault	1	0.5 KB	Download JSON
93	datacarry	1	0.5 KB	Download JSON
94	datakeeper	1	0.5 KB	Download JSON
95	dataleak	1	0.4 KB	Download JSON
96	desolator	1	0.5 KB	Download JSON
97	devman	1	0.4 KB	Download JSON
98	diavol	1	0.8 KB	Download JSON
99	direwolf	1	0.4 KB	Download JSON
100	dispossessor	1	0.4 KB	Download JSON
101	donex	1	0.5 KB	Download JSON
102	donutleaks	1	0.4 KB	Download JSON
103	doppelpaymer	1	0.9 KB	Download JSON
104	dragonforce	1	0.5 KB	Download JSON
105	dragonransomware	1	0.5 KB	Download JSON
106	dread	1	0.4 KB	Download JSON
107	dunghill	1	0.4 KB	Download JSON
108	ech0raix	1	0.4 KB	Download JSON
109	eldorado	1	0.5 KB	Download JSON
110	embargo	1	0.5 KB	Download JSON
111	entropy	1	0.5 KB	Download JSON
112	ep918	1	0.4 KB	Download JSON
113	esxiargs	1	0.4 KB	Download JSON
114	everest	1	0.5 KB	Download JSON
115	exitium	1	0.4 KB	Download JSON
116	exorcist	1	0.4 KB	Download JSON
117	fletchen	1	0.4 KB	Download JSON
118	flocker	1	0.4 KB	Download JSON
119	fog	1	0.8 KB	Download JSON
120	frag	1	0.4 KB	Download JSON
121	freecivilian	1	0.5 KB	Download JSON
122	fsteam	1	0.4 KB	Download JSON
123	fulcrumsec	1	0.5 KB	Download JSON
124	funksec	1	0.5 KB	Download JSON
125	gdlockersec	1	0.5 KB	Download JSON
126	genesis	1	0.4 KB	Download JSON
127	global	1	0.4 KB	Download JSON
128	grief	1	9.0 KB	Download JSON
129	groove	1	0.4 KB	Download JSON
130	gunra	1	0.4 KB	Download JSON
131	hades	1	0.9 KB	Download JSON
132	handala	1	0.4 KB	Download JSON
133	haron	1	0.4 KB	Download JSON
134	hellcat	1	0.4 KB	Download JSON
135	helldown	1	0.5 KB	Download JSON
136	hellogookie	1	0.5 KB	Download JSON
137	hellokitty	1	1.3 KB	Download JSON
138	hive	1	3.0 KB	Download JSON
139	holyghost	1	0.5 KB	Download JSON
140	hotarus	1	0.4 KB	Download JSON
141	hunters	1	1.0 KB	Download JSON
142	icefire	1	0.5 KB	Download JSON
143	imncrew	1	0.4 KB	Download JSON
144	incransom	1	1.8 KB	Download JSON
145	insane	1	0.4 KB	Download JSON
146	insomnia	1	0.4 KB	Download JSON
147	interlock	1	0.5 KB	Download JSON
148	j	1	0.4 KB	Download JSON
149	kairos	1	0.4 KB	Download JSON
150	karakurt	1	0.4 KB	Download JSON
151	karma	1	0.5 KB	Download JSON
152	kawa4096	1	0.4 KB	Download JSON
153	kazu	1	0.4 KB	Download JSON
154	kelvinsecurity	1	0.5 KB	Download JSON
155	killsec	1	0.4 KB	Download JSON
156	kittykatkrew	1	0.5 KB	Download JSON
157	knight	1	0.5 KB	Download JSON
158	kraken	1	0.4 KB	Download JSON
159	krybit	1	0.4 KB	Download JSON
160	kryptos	1	0.4 KB	Download JSON
161	kyber	1	0.4 KB	Download JSON
162	la_piovra	1	0.5 KB	Download JSON
163	lamashtu	1	0.4 KB	Download JSON
164	lapsus$	1	0.4 KB	Download JSON
165	leaktheanalyst	1	0.5 KB	Download JSON
166	lilith	1	0.4 KB	Download JSON
167	linkc	1	0.4 KB	Download JSON
168	lockbit	1	0.9 KB	Download JSON
169	lockbit2	1	0.9 KB	Download JSON
170	lockbit3	1	0.9 KB	Download JSON
171	lockbit3_fs	1	0.5 KB	Download JSON
172	lockbit5	1	0.4 KB	Download JSON
173	lockdata	1	0.4 KB	Download JSON
174	loki	1	0.4 KB	Download JSON
175	lolnek	1	0.4 KB	Download JSON
176	lorenz	1	1.1 KB	Download JSON
177	losttrust	1	0.6 KB	Download JSON
178	lunalock	1	0.4 KB	Download JSON
179	lv	1	0.5 KB	Download JSON
180	lynx	1	0.4 KB	Download JSON
181	m3rx	1	0.4 KB	Download JSON
182	madcat	1	0.4 KB	Download JSON
183	madliberator	1	0.5 KB	Download JSON
184	malas	1	0.4 KB	Download JSON
185	malekteam	1	0.5 KB	Download JSON
186	mallox	1	2.5 KB	Download JSON
187	mamona	1	0.4 KB	Download JSON
188	marketo	1	0.4 KB	Download JSON
189	maze	1	1.2 KB	Download JSON
190	mbc	1	0.4 KB	Download JSON
191	medusa	1	8.8 KB	Download JSON
192	medusalocker	1	6.9 KB	Download JSON
193	meow	1	0.4 KB	Download JSON
194	metaencryptor	1	0.5 KB	Download JSON
195	midas	1	0.4 KB	Download JSON
196	mindware	1	0.4 KB	Download JSON
197	minteye	1	0.4 KB	Download JSON
198	mnt6	1	0.4 KB	Download JSON
199	mogilevich	1	0.5 KB	Download JSON
200	moneymessage	1	0.5 KB	Download JSON
201	monti	1	0.8 KB	Download JSON
202	morpheus	1	0.5 KB	Download JSON
203	mosesstaff	1	0.5 KB	Download JSON
204	mountlocker	1	0.5 KB	Download JSON
205	ms13089	1	0.4 KB	Download JSON
206	mydecryptor	1	0.5 KB	Download JSON
207	n3tworm	1	0.4 KB	Download JSON
208	nasirsecurity	1	0.5 KB	Download JSON
209	nefilim	1	0.8 KB	Download JSON
210	nemty	1	0.4 KB	Download JSON
211	netrunner	1	0.5 KB	Download JSON
212	netwalker	1	30.6 KB	Download JSON
213	nevada	1	1.6 KB	Download JSON
214	nightsky	1	0.5 KB	Download JSON
215	nightspire	1	0.5 KB	Download JSON
216	nitrogen	1	0.5 KB	Download JSON
217	noescape	1	0.7 KB	Download JSON
218	nokoyawa	1	0.9 KB	Download JSON
219	noname	1	0.4 KB	Download JSON
220	nova	1	0.4 KB	Download JSON
221	obscura	1	0.4 KB	Download JSON
222	onepercent	1	0.5 KB	Download JSON
223	onyx	1	0.4 KB	Download JSON
224	orca	1	0.4 KB	Download JSON
225	orion	1	0.4 KB	Download JSON
226	osiris	1	0.4 KB	Download JSON
227	pandora	1	0.4 KB	Download JSON
228	pay2key	1	0.4 KB	Download JSON
229	payload	1	0.4 KB	Download JSON
230	payloadbin	1	0.5 KB	Download JSON
231	payoutsking	1	0.5 KB	Download JSON
232	pear	1	0.4 KB	Download JSON
233	play	1	7.6 KB	Download JSON
234	playboy	1	0.4 KB	Download JSON
235	projectrelic	1	0.5 KB	Download JSON
236	prolock	1	0.5 KB	Download JSON
237	prometheus	1	0.5 KB	Download JSON
238	promptlock	1	0.5 KB	Download JSON
239	pysa	1	0.9 KB	Download JSON
240	qilin	1	1.6 KB	Download JSON
241	qiulong	1	0.4 KB	Download JSON
242	qlocker	1	0.4 KB	Download JSON
243	quantum	1	9.3 KB	Download JSON
244	rabbithole	1	0.5 KB	Download JSON
245	radar	1	0.4 KB	Download JSON
246	radiant	1	0.4 KB	Download JSON
247	ragnarlocker	1	1.6 KB	Download JSON
248	ragnarok	1	0.5 KB	Download JSON
249	ralord	1	0.4 KB	Download JSON
250	ramp	1	0.4 KB	Download JSON
251	rancoz	1	0.4 KB	Download JSON
252	ranion	1	0.4 KB	Download JSON
253	ransombay	1	0.5 KB	Download JSON
254	ransomcartel	1	0.5 KB	Download JSON
255	ransomcortex	1	0.5 KB	Download JSON
256	ransomed	1	0.4 KB	Download JSON
257	ransomexx	1	0.9 KB	Download JSON
258	ransomhouse	1	0.5 KB	Download JSON
259	ransomhub	1	0.9 KB	Download JSON
260	ranstreet	1	0.5 KB	Download JSON
261	ranzy	1	0.4 KB	Download JSON
262	raworld	1	0.7 KB	Download JSON
263	raznatovic	1	0.5 KB	Download JSON
264	rebornvc	1	0.4 KB	Download JSON
265	redalert	1	0.5 KB	Download JSON
266	redransomware	1	0.5 KB	Download JSON
267	revil	1	1.4 KB	Download JSON
268	reynolds	1	0.4 KB	Download JSON
269	rhysida	1	6.6 KB	Download JSON
270	robinhood	1	0.9 KB	Download JSON
271	rook	1	0.4 KB	Download JSON
272	royal	1	7.3 KB	Download JSON
273	rransom	1	0.4 KB	Download JSON
274	runsomewares	1	0.5 KB	Download JSON
275	sabbath	1	0.5 KB	Download JSON
276	safepay	1	0.4 KB	Download JSON
277	sarcoma	1	0.4 KB	Download JSON
278	satanlockv2	1	0.5 KB	Download JSON
279	secp0	1	0.4 KB	Download JSON
280	securotrop	1	0.5 KB	Download JSON
281	sensayq	1	0.4 KB	Download JSON
282	shadow	1	0.4 KB	Download JSON
283	shadowbyt3$	1	0.5 KB	Download JSON
284	shaoleaks	1	0.5 KB	Download JSON
285	shinyhunters	1	0.5 KB	Download JSON
286	shinysp1d3r	1	0.5 KB	Download JSON
287	sicarii	1	0.4 KB	Download JSON
288	siegedsec	1	0.5 KB	Download JSON
289	silent	1	0.4 KB	Download JSON
290	silentransomgroup	1	0.5 KB	Download JSON
291	sinobi	1	0.4 KB	Download JSON
292	skira	1	0.4 KB	Download JSON
293	slug	1	0.4 KB	Download JSON
294	snatch	1	2.6 KB	Download JSON
295	solidbit	1	0.4 KB	Download JSON
296	spacebears	1	0.4 KB	Download JSON
297	sparta	1	0.4 KB	Download JSON
298	spook	1	0.4 KB	Download JSON
299	stormous	1	0.4 KB	Download JSON
300	sugar	1	0.5 KB	Download JSON
301	suncrypt	1	1.4 KB	Download JSON
302	synack	1	0.4 KB	Download JSON
303	teamxxx	1	0.4 KB	Download JSON
304	tengu	1	0.4 KB	Download JSON
305	termite	1	0.5 KB	Download JSON
306	thegentlemen	1	0.5 KB	Download JSON
307	thegreenbloodgroup	1	0.5 KB	Download JSON
308	threeam	1	0.9 KB	Download JSON
309	timc	1	0.4 KB	Download JSON
310	toufan	1	0.4 KB	Download JSON
311	tridentlocker	1	0.5 KB	Download JSON
312	trigona	1	0.9 KB	Download JSON
313	trinity	1	1.3 KB	Download JSON
314	trisec	1	0.4 KB	Download JSON
315	u-bomb	1	0.4 KB	Download JSON
316	underground	1	0.4 KB	Download JSON
317	unknown	1	0.4 KB	Download JSON
318	unsafe	1	0.4 KB	Download JSON
319	valencialeaks	1	0.5 KB	Download JSON
320	vanhelsing	1	0.5 KB	Download JSON
321	vanirgroup	1	0.5 KB	Download JSON
322	vect	1	0.4 KB	Download JSON
323	vendetta	1	0.4 KB	Download JSON
324	vfokx	1	0.4 KB	Download JSON
325	vicesociety	1	0.4 KB	Download JSON
326	walocker	1	0.4 KB	Download JSON
327	wannacry	1	1.3 KB	Download JSON
328	warlock	1	0.4 KB	Download JSON
329	werewolves	1	0.5 KB	Download JSON
330	weyhro	1	0.4 KB	Download JSON
331	worldleaks	1	0.5 KB	Download JSON
332	x001xs	1	0.4 KB	Download JSON
333	xinglocker	1	0.5 KB	Download JSON
334	xinof	1	0.4 KB	Download JSON
335	xp95	1	0.4 KB	Download JSON
336	yanluowang	1	0.9 KB	Download JSON
337	yurei	1	0.4 KB	Download JSON
338	zeon	1	0.4 KB	Download JSON
339	zerolockersec	1	0.5 KB	Download JSON
340	zerotolerance	1	0.5 KB	Download JSON

Rule text is available at https://hackersfeeds-api.secaware.workers.dev/api/rl/yara/<group> — usable as input to Loki, YARA-X, or any compatible scanner.