{"group":"abrahams_ax","count":1,"rules":[{"rule_name":"Abrahams_Ax.yar","rule_text":"/*\nAbrahams Ax ransomware\n*/\n\nrule Abrahams_Ax_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.abrahamsax\"\n        description = \"Detects Abrahams Ax ransomware ransom note or artifact\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $name1 = \"Abrahams_Ax\" ascii nocase\n        $name2 = \"ABRAHAMS_AX\" ascii\n        $onion  = \"abrahamsax.onion\" ascii nocase\n\n    condition:\n        any of them\n}","sha256":"a089d3dc30142643627dfff959caccea2b5b1ad273d67abe7dc39ed9d6236742","byte_size":475,"updated_at":"2026-06-24 05:15:59"}]}