{"group":"leaktheanalyst","count":1,"rules":[{"rule_name":"leaktheanalyst.yar","rule_text":"/*\nleaktheanalyst ransomware\n*/\n\nrule leaktheanalyst_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.leaktheanalyst\"\n        description = \"Detects leaktheanalyst ransomware ransom note or artifact\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $name1 = \"leaktheanalyst\" ascii nocase\n        $name2 = \"LEAKTHEANALYST\" ascii\n        $onion  = \"leaktheanalyst.onion\" ascii nocase\n\n    condition:\n        any of them\n}","sha256":"32520d77efef3c71c55156cb7b58aeb9cb9e363eac25810ddf311a67ce6fd2f6","byte_size":498,"updated_at":"2026-06-24 05:16:02"}]}