 |
 | Yara Sig For Black Cat Ransomware Targeting U S Businesse |  |
|
GuitarBob
|
|
Below is a Yara signature for a new version of Black Cat ransomware targeting business computers worldwide, and especially U S ones. It didn't give me any scan errors, so it should work. Copy the file to a new Notepad file from the word rule to the ending } and save it as a file named BlackCat.yar in the ClamWin database folder. Save it in All Files format and make sure there is nothing in the name except BlackCat.yar only. After you save it, scan a file with ClamWin to make sure it works. If there is a problem, please accept my apologies, and delete the file from the ClamWin database folder.
Unlike the usual mdb or hdb hash signatures, Yara sigs should keep for a long time, so keep it around--it may infect my wife's Windows computer, and yours. Regards, rule indications of BlackCat ransomware targeting U S business April 2022 { strings: $a = “start.bat” $b = “est.bat” $c = “drag-and-drop-target.bat” $d = “run.bat” $e = “Runs1.ps1” condition: any 2 of them } |
|||||||||||
|
|||||||||||||
 |
 | Yara Sig For Black Cat Ransomware Targeting U S Businesse | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.