{"group":"cloak","count":1,"rules":[{"rule_name":"cloak.yar","rule_text":"/*\nCloak ransomware (ARCrypter-based)\n*/\n\nrule Cloak_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.cloak\"\n        description = \"Detects Cloak ransomware ransom note\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $s1 = \"Cloak\" ascii nocase\n        $s2 = \"CLOAK\" ascii\n        $s3 = \"cloak.onion\" ascii nocase\n        $s4 = \"cloakteam\" ascii nocase\n\n    condition:\n        any of them\n}","sha256":"f66ceecff6502e625250801db20603a6d7cc8afbed566a57a8e3ec182adfd5be","byte_size":470,"updated_at":"2026-06-24 05:16:00"}]}