yara rules

These are a couple of Yara rules that I wrote for detecting RansomExx, a linux-based ransomware.

Usage: $yara ransomexx.yar -path-to-dir-to-be-scanned

Get it from Github

/*
author = "Vishal Thakur - malienist.medium.com"
date = "2021-11-30"
version = "1"
description = "Detects RansomExx Linux Ransomware"
info = "Generated from information extracted from the malware sample by manual analysis."
*/

DFIR enthusiast. Founder of HCKSYD. Founder of Security BSides Sydney Australia. Malware Analyst.