{"group":"babuk2","count":1,"rules":[{"rule_name":"babuk2.yar","rule_text":"/*\nbabuk2 ransomware\n*/\n\nrule babuk2_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.babuk2\"\n        description = \"Detects babuk2 ransomware ransom note or artifact\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $name1 = \"babuk2\" ascii nocase\n        $name2 = \"BABUK2\" ascii\n        $onion  = \"babuk2.onion\" ascii nocase\n\n    condition:\n        any of them\n}","sha256":"8e8bbd30a7cddea6bae9e03f2a657bbf14202297991826b90363f9e1e06d5e22","byte_size":442,"updated_at":"2026-06-24 05:15:59"}]}