{"group":"avaddon","count":1,"rules":[{"rule_name":"avaddon.yar","rule_text":"/*\nAvaddon ransomware\n*/\n\nrule Avaddon_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.avaddon\"\n        description = \"Detects Avaddon ransom note HTML\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $s1 = \"AVADDON\" ascii nocase\n        $s2 = \"avaddonbotrxmuyl.onion\" ascii nocase\n        $s3 = \"_readme_.html\" ascii nocase\n        $s4 = \"avaddon@\" ascii nocase\n\n    condition:\n        any of them\n}\n\nrule Avaddon_PE\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.avaddon\"\n        description = \"Detects Avaddon ransomware executable\"\n        date = \"2026-05-04\"\n        severity = 9\n        score = 90\n\n    strings:\n        $s1 = \"Avaddon\" ascii wide\n        $s2 = \".avdn\" ascii\n        $s3 = \"avaddonbotrxmuyl\" ascii\n\n    condition:\n        uint16(0) == 0x5A4D and 2 of them\n}","sha256":"6c3367bede52bdf23afd9564c1e210f4a2699caf2f05f5fca08a79859a1dc357","byte_size":889,"updated_at":"2026-06-24 05:15:59"}]}