{"group":"8base","count":1,"rules":[{"rule_name":"8base.yar","rule_text":"/*\n8BASE ransomware (Phobos variant)\n*/\n\nrule _8BASE_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.8base\"\n        description = \"Detects 8BASE ransomware ransom note\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $s1 = \"8BASE\" ascii nocase\n        $s2 = \"8base\" ascii nocase\n        $s3 = \"8base.onion\" ascii nocase\n\n    condition:\n        any of them\n}\n\nrule _8BASE_PE\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.8base\"\n        description = \"Detects 8BASE ransomware executable (Phobos-based)\"\n        date = \"2026-05-04\"\n        severity = 9\n        score = 90\n\n    strings:\n        $s1 = \"8BASE\" ascii wide\n        $s2 = \".8base\" ascii nocase\n        $s3 = \"8base.onion\" ascii\n\n    condition:\n        uint16(0) == 0x5A4D and 2 of them\n}","sha256":"ed731fa050259ff335f4c9986d545436415b1e99be056737dc872988fd2446c0","byte_size":857,"updated_at":"2026-06-24 05:15:59"}]}