{"group":"donutleaks","count":1,"rules":[{"rule_name":"donutleaks.yar","rule_text":"/*\nDonut Leaks extortion group\n*/\n\nrule DonutLeaks_Note\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.donutleaks\"\n        description = \"Detects Donut Leaks extortion note\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $s1 = \"Donut Leaks\" ascii nocase\n        $s2 = \"donutleaks\" ascii nocase\n        $s3 = \"donut.onion\" ascii nocase\n\n    condition:\n        any of them\n}","sha256":"d887b9e6508ac2d280fda60fb6abda49a2decc83df930737f3a6551a142fa24e","byte_size":444,"updated_at":"2026-06-24 05:16:01"}]}