{"group":"underground","count":1,"rules":[{"rule_name":"underground.yar","rule_text":"/*\nUnderground ransomware\n*/\n\nrule Underground_Ransomnote\n{\n    meta:\n        author = \"ransomware.live\"\n        family = \"ransomware.underground\"\n        description = \"Detects Underground ransomware ransom note\"\n        date = \"2026-05-04\"\n        severity = 7\n        score = 70\n\n    strings:\n        $s1 = \"underground\" ascii nocase\n        $s2 = \"!readme.txt\" ascii nocase\n        $s3 = \"underground.onion\" ascii nocase\n\n    condition:\n        2 of them\n}","sha256":"a7bf1d930e1baa83d47976bd0e415bf3d89b41c1407f68c59b066c9af6903677","byte_size":460,"updated_at":"2026-06-24 05:16:06"}]}