{"group":"donex","count":1,"rules":[{"rule_name":"donex.yar","rule_text":"/*\nDonex ransomware (DarkRace rebranding)\n*/\n\nrule Donex_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.donex\"\n        description = \"Detects Donex ransomware ransom note\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $s1 = \"Donex\" ascii nocase\n        $s2 = \"DONEX\" ascii\n        $s3 = \"donex.onion\" ascii nocase\n        $s4 = \"!DONEX-README.txt\" ascii nocase\n\n    condition:\n        any of them\n}","sha256":"43e49ea83cc042f78134bab552a3daff4e14b17959ebf948316a7bd9ee7edcd2","byte_size":482,"updated_at":"2026-06-24 05:16:01"}]}