├── README.md
└── Rules
    ├── 2022
        ├── win_bruteratel_syscall_hashes_oct_2022.yar
        ├── win_emotet_string_patterns_oct_2022.yar
        ├── win_gracewire_loader_dec_2022.yar
        ├── win_havoc_djb2_hashing_routine_oct_2022.yar
        ├── win_havoc_ntdll_hashes_oct_2022.yar
        ├── win_icedid_encryption_oct_2022.yar
        ├── win_nighthawk_nov_2022.yar
        ├── win_qakbot_api_hashing_oct_2022.yar
        └── win_qakbot_string_decrypt_nov_2022.yar
    ├── Hunting
        └── win_redline_wextract_hunting.yar
    ├── win_agent_tesla_bytecodes_sep_2023.yar
    ├── win_amadey_bytecodes_oct_2023.yar
    ├── win_asyncrat_bytecodes_sep_2023.yar
    ├── win_asyncrat_unobfuscated_aug_2023.yar
    ├── win_berbew_strings_dec_2023.yar
    ├── win_cobalt_shellcode_encoder_jun_2023.yar
    ├── win_cobalt_sleep_encrypt_aug_2023.yar
    ├── win_cobaltstrike_pipe_strings_nov_2023.yar
    ├── win_darkgate_xll_loader_oct_2023.yar
    ├── win_exela_stealer_simple_strings_sep_2023.yar
    ├── win_icedid_snowloader_bytecodes_oct_2023.yar
    ├── win_lumma _simple_sep_2023.yar
    ├── win_lumma_updated_sep_2023.yar
    ├── win_marsStealer_encryption_bytecodes_dec_2023.yar
    ├── win_medusa_dotnet_bytecodes.yar
    ├── win_mystic_stealer_bytecodes_sep_2023.yar
    ├── win_njrat_bytecodes_oct_2023.yar
    ├── win_njrat_bytecodes_v2_oct_2023.yar
    ├── win_njrat_strings_oct_2023.yar
    ├── win_orcus_rat_simple_strings_dec_2023.yar
    ├── win_pikabot_loader_bytecodes_oct_2023.yar
    ├── win_pikabot_resource_entropy_oct_2023.yar
    ├── win_qak_js_loader_jun_2023.yar
    ├── win_quasar_rat_client_aug_2023.yar
    ├── win_redline_bytecodes_jan_2024.yar
    ├── win_redline_bytecodes_oct_2023.yar
    ├── win_redline_loader_dec_2023.yar
    ├── win_redline_payload_dec_2023.yar
    ├── win_remcos_rat_unpacked_aug_2023.yar
    ├── win_rhadhamanthys_shellcode_feb_2023.yar
    ├── win_solarmarker_bytecodes_aug_2023.yar
    ├── win_solarmarker_stage2_bytecodes_dec_2023.yar
    ├── win_stealc_bytecodes_oct_2023.yar
    ├── win_ursnif_patterns_oct_2022.yar
    ├── win_vidar_strings_jun_2023.yar
    ├── win_xworm_bytestring_sep_2023.yar
    └── win_xworm_simple_strings_sep_2023.yar


/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/README.md


--------------------------------------------------------------------------------
/Rules/2022/win_bruteratel_syscall_hashes_oct_2022.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/2022/win_bruteratel_syscall_hashes_oct_2022.yar


--------------------------------------------------------------------------------
/Rules/2022/win_emotet_string_patterns_oct_2022.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/2022/win_emotet_string_patterns_oct_2022.yar


--------------------------------------------------------------------------------
/Rules/2022/win_gracewire_loader_dec_2022.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/2022/win_gracewire_loader_dec_2022.yar


--------------------------------------------------------------------------------
/Rules/2022/win_havoc_djb2_hashing_routine_oct_2022.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/2022/win_havoc_djb2_hashing_routine_oct_2022.yar


--------------------------------------------------------------------------------
/Rules/2022/win_havoc_ntdll_hashes_oct_2022.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/2022/win_havoc_ntdll_hashes_oct_2022.yar


--------------------------------------------------------------------------------
/Rules/2022/win_icedid_encryption_oct_2022.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/2022/win_icedid_encryption_oct_2022.yar


--------------------------------------------------------------------------------
/Rules/2022/win_nighthawk_nov_2022.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/2022/win_nighthawk_nov_2022.yar


--------------------------------------------------------------------------------
/Rules/2022/win_qakbot_api_hashing_oct_2022.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/2022/win_qakbot_api_hashing_oct_2022.yar


--------------------------------------------------------------------------------
/Rules/2022/win_qakbot_string_decrypt_nov_2022.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/2022/win_qakbot_string_decrypt_nov_2022.yar


--------------------------------------------------------------------------------
/Rules/Hunting/win_redline_wextract_hunting.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/Hunting/win_redline_wextract_hunting.yar


--------------------------------------------------------------------------------
/Rules/win_agent_tesla_bytecodes_sep_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_agent_tesla_bytecodes_sep_2023.yar


--------------------------------------------------------------------------------
/Rules/win_amadey_bytecodes_oct_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_amadey_bytecodes_oct_2023.yar


--------------------------------------------------------------------------------
/Rules/win_asyncrat_bytecodes_sep_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_asyncrat_bytecodes_sep_2023.yar


--------------------------------------------------------------------------------
/Rules/win_asyncrat_unobfuscated_aug_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_asyncrat_unobfuscated_aug_2023.yar


--------------------------------------------------------------------------------
/Rules/win_berbew_strings_dec_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_berbew_strings_dec_2023.yar


--------------------------------------------------------------------------------
/Rules/win_cobalt_shellcode_encoder_jun_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_cobalt_shellcode_encoder_jun_2023.yar


--------------------------------------------------------------------------------
/Rules/win_cobalt_sleep_encrypt_aug_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_cobalt_sleep_encrypt_aug_2023.yar


--------------------------------------------------------------------------------
/Rules/win_cobaltstrike_pipe_strings_nov_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_cobaltstrike_pipe_strings_nov_2023.yar


--------------------------------------------------------------------------------
/Rules/win_darkgate_xll_loader_oct_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_darkgate_xll_loader_oct_2023.yar


--------------------------------------------------------------------------------
/Rules/win_exela_stealer_simple_strings_sep_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_exela_stealer_simple_strings_sep_2023.yar


--------------------------------------------------------------------------------
/Rules/win_icedid_snowloader_bytecodes_oct_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_icedid_snowloader_bytecodes_oct_2023.yar


--------------------------------------------------------------------------------
/Rules/win_lumma _simple_sep_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_lumma _simple_sep_2023.yar


--------------------------------------------------------------------------------
/Rules/win_lumma_updated_sep_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_lumma_updated_sep_2023.yar


--------------------------------------------------------------------------------
/Rules/win_marsStealer_encryption_bytecodes_dec_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_marsStealer_encryption_bytecodes_dec_2023.yar


--------------------------------------------------------------------------------
/Rules/win_medusa_dotnet_bytecodes.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_medusa_dotnet_bytecodes.yar


--------------------------------------------------------------------------------
/Rules/win_mystic_stealer_bytecodes_sep_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_mystic_stealer_bytecodes_sep_2023.yar


--------------------------------------------------------------------------------
/Rules/win_njrat_bytecodes_oct_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_njrat_bytecodes_oct_2023.yar


--------------------------------------------------------------------------------
/Rules/win_njrat_bytecodes_v2_oct_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_njrat_bytecodes_v2_oct_2023.yar


--------------------------------------------------------------------------------
/Rules/win_njrat_strings_oct_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_njrat_strings_oct_2023.yar


--------------------------------------------------------------------------------
/Rules/win_orcus_rat_simple_strings_dec_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_orcus_rat_simple_strings_dec_2023.yar


--------------------------------------------------------------------------------
/Rules/win_pikabot_loader_bytecodes_oct_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_pikabot_loader_bytecodes_oct_2023.yar


--------------------------------------------------------------------------------
/Rules/win_pikabot_resource_entropy_oct_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_pikabot_resource_entropy_oct_2023.yar


--------------------------------------------------------------------------------
/Rules/win_qak_js_loader_jun_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_qak_js_loader_jun_2023.yar


--------------------------------------------------------------------------------
/Rules/win_quasar_rat_client_aug_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_quasar_rat_client_aug_2023.yar


--------------------------------------------------------------------------------
/Rules/win_redline_bytecodes_jan_2024.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_redline_bytecodes_jan_2024.yar


--------------------------------------------------------------------------------
/Rules/win_redline_bytecodes_oct_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_redline_bytecodes_oct_2023.yar


--------------------------------------------------------------------------------
/Rules/win_redline_loader_dec_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_redline_loader_dec_2023.yar


--------------------------------------------------------------------------------
/Rules/win_redline_payload_dec_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_redline_payload_dec_2023.yar


--------------------------------------------------------------------------------
/Rules/win_remcos_rat_unpacked_aug_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_remcos_rat_unpacked_aug_2023.yar


--------------------------------------------------------------------------------
/Rules/win_rhadhamanthys_shellcode_feb_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_rhadhamanthys_shellcode_feb_2023.yar


--------------------------------------------------------------------------------
/Rules/win_solarmarker_bytecodes_aug_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_solarmarker_bytecodes_aug_2023.yar


--------------------------------------------------------------------------------
/Rules/win_solarmarker_stage2_bytecodes_dec_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_solarmarker_stage2_bytecodes_dec_2023.yar


--------------------------------------------------------------------------------
/Rules/win_stealc_bytecodes_oct_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_stealc_bytecodes_oct_2023.yar


--------------------------------------------------------------------------------
/Rules/win_ursnif_patterns_oct_2022.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_ursnif_patterns_oct_2022.yar


--------------------------------------------------------------------------------
/Rules/win_vidar_strings_jun_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_vidar_strings_jun_2023.yar


--------------------------------------------------------------------------------
/Rules/win_xworm_bytestring_sep_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_xworm_bytestring_sep_2023.yar


--------------------------------------------------------------------------------
/Rules/win_xworm_simple_strings_sep_2023.yar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/embee-research/Yara-detection-rules/HEAD/Rules/win_xworm_simple_strings_sep_2023.yar


--------------------------------------------------------------------------------