{"group":"shadowbyt3$","count":1,"rules":[{"rule_name":"ShadowByt3$.yar","rule_text":"/*\nShadowByt3$ ransomware\n*/\n\nrule ShadowByt3_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.shadowbyt3$\"\n        description = \"Detects ShadowByt3$ ransomware ransom note or artifact\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $name1 = \"ShadowByt3$\" ascii nocase\n        $name2 = \"SHADOWBYT3$\" ascii\n        $onion  = \"shadowbyt3$.onion\" ascii nocase\n\n    condition:\n        any of them\n}","sha256":"19e08012106c22a08ee2ec414a605e747917f5589667f815f06289644bc52f5e","byte_size":476,"updated_at":"2026-06-24 05:16:05"}]}