{"group":"rook","count":1,"rules":[{"rule_name":"rook.yar","rule_text":"/*\nRook ransomware (Babuk-based)\n*/\n\nrule Rook_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.rook\"\n        description = \"Detects Rook ransomware ransom note\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $s1 = \"HowToRestoreYourFiles.txt\" ascii nocase\n        $s2 = \"ROOK\" ascii\n        $s3 = \"rook\" ascii\n        $s4 = \".rook\" ascii\n\n    condition:\n        2 of them\n}","sha256":"4a736ecb19b4fb217b3219aa239e3b19ac72b81deaecce0dbcf6afaddf62b78a","byte_size":454,"updated_at":"2026-06-24 05:16:05"}]}