import "pe"

rule Ymir {
	meta:
		author = "Kaspersky GERT"
		description = "Yara rule for detecting the Ymir ransomware."
		target_entity = "file"
	strings:
		// Each string is matched in ASCII and UTF-16LE (wide) form, case-insensitively.
		// Self-deletion command: wait 5 seconds, then remove the given path
		$s1 = "powershell -w h -c Start-Sleep -Seconds 5; Remove-Item -Force -Path" ascii wide nocase
		// qTox installer file name embedded in the sample
		$s2 = "setup-qtox-x86_64-release.exe" ascii wide nocase
		$s3 = "6C5oy2dVr6" ascii wide nocase
		// Document name embedded in the sample
		$s4 = "INCIDENT_REPORT.pdf" ascii wide nocase
		// PDF-style date string (D:YYYYMMDDHHmmSS-HH)
		$s5 = "D:20240831154833-06" ascii wide nocase
		// Name of the ChaCha stream cipher
		$s6 = "ChaCha" ascii wide nocase
		// Name of the x64dbg debugger
		$s7 = "x64dbg" ascii wide nocase
	condition:
		// Any three of the seven strings, and the PE must import memmove from msvcrt.dll
		(3 of ($s*)) and pe.imports("msvcrt.dll", "memmove")
}
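The rule's string clause is easy to misread: every `$s` string is declared `ascii wide nocase`, so YARA searches for both the plain ASCII bytes and the UTF-16LE encoding, ignoring case, and `3 of ($s*)` fires once any three distinct strings are found anywhere in the file. The following Python block is an added example, not code from Kaspersky or from this page, that reproduces exactly that string logic on constructed byte blobs so the threshold behaviour can be checked offline. It deliberately does not reproduce the `pe.imports("msvcrt.dll", "memmove")` half of the condition, which needs a PE import-table parse; the sample buffers `SAMPLE_HIT` and `SAMPLE_MISS` are constructed for illustration and are not Ymir samples.

```python
from __future__ import annotations

import re

# The seven strings from the Ymir rule, copied from the rule above.
# Every one is declared "ascii wide nocase" in the rule.
RULE_STRINGS = {
    "s1": "powershell -w h -c Start-Sleep -Seconds 5; Remove-Item -Force -Path",
    "s2": "setup-qtox-x86_64-release.exe",
    "s3": "6C5oy2dVr6",
    "s4": "INCIDENT_REPORT.pdf",
    "s5": "D:20240831154833-06",
    "s6": "ChaCha",
    "s7": "x64dbg",
}


def string_patterns(s: str) -> list[re.Pattern[bytes]]:
    """Byte patterns YARA tries for an `ascii wide nocase` string.

    `ascii` is the plain one-byte-per-character form, `wide` is UTF-16LE
    (each character followed by a NUL byte); `nocase` folds ASCII letters
    in both forms. re.IGNORECASE on a bytes pattern gives the same folding
    and leaves the NUL bytes untouched.
    """
    ascii_form = re.escape(s.encode("ascii"))
    wide_form = re.escape(s.encode("utf-16-le"))
    return [re.compile(ascii_form, re.IGNORECASE),
            re.compile(wide_form, re.IGNORECASE)]


def matched_strings(data: bytes) -> set[str]:
    """Names of the rule strings found in `data` in either encoding."""
    hits: set[str] = set()
    for name, s in RULE_STRINGS.items():
        if any(p.search(data) for p in string_patterns(s)):
            hits.add(name)
    return hits


def strings_condition_met(data: bytes, threshold: int = 3) -> bool:
    """The `3 of ($s*)` half of the rule's condition.

    The `pe.imports("msvcrt.dll", "memmove")` half is NOT evaluated here
    (assumption of this example: a real check would parse the PE import table).
    """
    return len(matched_strings(data)) >= threshold


# Constructed test input (not a real sample): one string in upper-case ASCII,
# one in UTF-16LE, one in lower-case ASCII. Three distinct strings -> threshold met.
SAMPLE_HIT = (
    b"MZ\x90\x00 constructed blob "
    + b"SETUP-QTOX-X86_64-RELEASE.EXE" + b"\x00\x00"
    + "ChaCha".encode("utf-16-le") + b"\x00"
    + b"x64dbg\x00"
)

# Constructed benign-looking input: only the two generic strings appear,
# so the `3 of` threshold is not reached.
SAMPLE_MISS = b"ChaCha20 test harness, debugged with x64dbg"

if __name__ == "__main__":
    print("hit  ->", sorted(matched_strings(SAMPLE_HIT)), strings_condition_met(SAMPLE_HIT))
    print("miss ->", sorted(matched_strings(SAMPLE_MISS)), strings_condition_met(SAMPLE_MISS))
```

The second buffer is the practical point: `ChaCha` and `x64dbg` on their own are common in legitimate binaries, so the rule relies on the three-string threshold plus the `memmove` import to keep false positives down; when tuning or porting the rule, keep that conjunction rather than lowering it to `any of`.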
Category: Yara Rule

Details
Published: 2024-11-11
Attributes: 39
Title: Kaspersky discovers new Ymir ransomware used together with RustyStealer (National Cyber Security Consulting)