{"group":"groove","count":1,"rules":[{"rule_name":"groove.yar","rule_text":"/*\nGroove extortion group\n*/\n\nrule Groove_Note\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.groove\"\n        description = \"Detects Groove extortion group note\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $s1 = \"Groove\" ascii nocase\n        $s2 = \"GROOVE\" ascii\n        $s3 = \"groove.onion\" ascii nocase\n\n    condition:\n        any of them\n}","sha256":"d842720e26c3534c360a36f6357a39083fc400543a330e21f2194e1e3f8d317b","byte_size":417,"updated_at":"2026-06-24 05:16:01"}]}