{"group":"hunters","count":1,"rules":[{"rule_name":"hunters.yar","rule_text":"/*\nHunters International ransomware (successor to Hive)\n*/\n\nrule HuntersInternational_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.hunters\"\n        description = \"Detects Hunters International ransom note\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $s1 = \"Hunters International\" ascii nocase\n        $s2 = \"Contact.txt\" ascii nocase\n        $s3 = \".hunters\" ascii\n        $s4 = \"hunters55i2i\" ascii nocase\n\n    condition:\n        any of them\n}\n\nrule HuntersInternational_PE\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.hunters\"\n        description = \"Detects Hunters International ransomware executable\"\n        date = \"2026-05-04\"\n        severity = 9\n        score = 90\n\n    strings:\n        $s1 = \"Hunters International\" ascii wide\n        $s2 = \".hunters\" ascii\n        $s3 = \"hunters55i2i\" ascii\n\n    condition:\n        uint16(0) == 0x5A4D and 2 of them\n}","sha256":"18004e437eea46d6af6521a32c0030b114d0a88e0cdd72c32c04c35c0c8b3f27","byte_size":980,"updated_at":"2026-06-24 05:16:02"}]}