{"group":"helldown","count":1,"rules":[{"rule_name":"helldown.yar","rule_text":"/*\nHelldown ransomware\n*/\n\nrule Helldown_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.helldown\"\n        description = \"Detects Helldown ransomware ransom note\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $s1 = \"Helldown\" ascii nocase\n        $s2 = \"HELLDOWN\" ascii\n        $s3 = \"helldown.onion\" ascii nocase\n        $s4 = \".helldown\" ascii\n\n    condition:\n        any of them\n}","sha256":"0b0d28a27f4c2e0d3ec545fa75336ac66d5b078569993a9f95373b86dc53ac54","byte_size":466,"updated_at":"2026-06-24 05:16:02"}]}