{"group":"thegentlemen","count":1,"rules":[{"rule_name":"thegentlemen.yar","rule_text":"/*\nthegentlemen ransomware\n*/\n\nrule thegentlemen_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.thegentlemen\"\n        description = \"Detects thegentlemen ransomware ransom note or artifact\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $name1 = \"thegentlemen\" ascii nocase\n        $name2 = \"THEGENTLEMEN\" ascii\n        $onion  = \"thegentlemen.onion\" ascii nocase\n\n    condition:\n        any of them\n}","sha256":"1f013e29a656275c61517521a1674bf3bda1c944b96092e631b57af134a6f382","byte_size":484,"updated_at":"2026-06-24 05:16:05"}]}