{"group":"blackmatter","count":1,"rules":[{"rule_name":"sekoia.yar","rule_text":"import \"pe\"\nimport \"hash\"\n        \nrule ransomware_win_blackmatter {\n    meta:\n        id = \"9b2d8ac3-b4d1-40f5-ac57-411547dcb2cf\"\n        version = \"1.0\"\n        description = \"Detect Black matter ransomware (2021-07-23)\"\n        author = \"Sekoia.io\"\n        creation_date = \"2021-08-03\"\n        classification = \"TLP:CLEAR\"\n        \n    condition:\n        for any i in (0..pe.number_of_sections-1) : (\n            hash.md5(pe.sections[i].raw_data_offset, pe.sections[i].raw_data_size) == \"5e89d335de2021a2c268acf00ec513e5\"\n        )\n}","sha256":"c31958b41b5908ebb21c7538b3742924d17316da31f2ab2129b6b8939b2ab3c7","byte_size":536,"updated_at":"2026-06-24 05:15:59"}]}