{"group":"eldorado","count":1,"rules":[{"rule_name":"ElDorado.yar","rule_text":"/*\nElDorado ransomware (Go-based, ESXi)\n*/\n\nrule ElDorado_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.eldorado\"\n        description = \"Detects ElDorado ransomware ransom note\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $s1 = \"ElDorado\" ascii nocase\n        $s2 = \"ELDORADO\" ascii\n        $s3 = \"eldorado.onion\" ascii nocase\n        $s4 = \"HOW_TO_RECOVER.txt\" ascii nocase\n\n    condition:\n        any of them\n}","sha256":"3dc0f49df1d46087970bf148f4238d92af75c8247bb606c570dfe7822d1e163c","byte_size":499,"updated_at":"2026-06-24 05:16:01"}]}