YARAhub
You are currently viewing the YARAhub entry of the YARA rule BrainCipher. Depending on the TLP classification of this YARA rule chosen by the author, further information about this YARA rule is available below.
YARA Rule Details: BrainCipher
| Rule name: | BrainCipher |
|---|---|
| Author: | NDA0E - @NDA0E |
| Description: | Detects BrainCipher Ransomware |
| Reference MD5: | 71c109f3bf4da2fc0173b9bcff07e979 |
| Likes: | 0 |
| Reference Link : | n/a |
| Malpedia Family : | n/a |
| Date added: | 2024-10-17 |
| Rule Matching TLP : | TLP:WHITE |
| Rule Sharing TLP : | TLP:WHITE |
| License : | https://creativecommons.org/publicdomain/zero/1.0/ |
| UUID: | b73e7c42-18de-4824-9537-6f9b36f7be71 |
| Static hits: | 1 |
| Unpacker hits: | 0 |
YARA Rule Content
The content of the YARA rule is shown below.
rule BrainCipher {
meta:
author = "NDA0E"
yarahub_author_twitter = "@NDA0E"
date = "2024-10-17"
description = "Detects BrainCipher Ransomware"
yarahub_uuid = "b73e7c42-18de-4824-9537-6f9b36f7be71"
yarahub_license = "CC0 1.0"
yarahub_rule_matching_tlp = "TLP:WHITE"
yarahub_rule_sharing_tlp = "TLP:WHITE"
yarahub_reference_md5 = "71c109f3bf4da2fc0173b9bcff07e979"
strings:
$str0 = "Welcome to Brain Cipher Ransomware!" ascii
condition:
(uint16(0) == 0x5a4d or
uint16(0) == 0x457f) and
all of them
}
YARA Rule Matches
The following table shows the most recent files matching this particular YARA rule.
| First seen (UTC) | SHA256 hash | Static matches | Unpacker matches |
|---|