{"group":"avoslocker","count":1,"rules":[{"rule_name":"sekoia.yar","rule_text":"rule ransomware_win_avoslocker {\n    meta:\n        id = \"fc5c2483-48cb-4282-b6cb-ac728b948607\"\n        version = \"1.0\"\n        description = \"Detect AvosLocker ransomware (2021-07)\"\n        author = \"Sekoia.io\"\n        creation_date = \"2021-08-03\"\n        classification = \"TLP:CLEAR\"\n        hash6 = \"f810deb1ba171cea5b595c6d3f816127fb182833f7a08a98de93226d4f6a336f\"\n        hash7 = \"c0a42741eef72991d9d0ee8b6c0531fc19151457a8b59bdcf7b6373d1fe56e02\"\n        hash8 = \"84d94c032543e8797a514323b0b8fd8bd69b4183f17351628b13d1464093af2d\"\n        \n    strings:\n        $s1 = \"cryptopp850\\\\rijndael_simd.cpp\" ascii\n        $s2 = \"cryptopp850\\\\sha_simd.cpp\" ascii\n        $s3 = \"cryptopp850\\\\gf2n_simd.cpp\" ascii\n        $s4 = \"cryptopp850\\\\sse_simd.cpp\" ascii\n        \n    condition:\n        all of them\n        and uint16(0)==0x5A4D\n        and filesize > 900KB\n        and filesize < 950KB\n}","sha256":"0963eb8ce80cbb1584c57089aa995128bdf9f5bcdf44b96b62ec81eee8205107","byte_size":887,"updated_at":"2026-06-24 05:15:59"}]}