check my rule for source code:
// Keyword rule for triaging source code that embeds war-related political
// slogans, hashtags or place names ("protestware"). A hit only shows that one
// of the literals below occurs in the scanned data. It is not evidence of a
// backdoor or destructive logic, so every match still needs manual review.
//
// NOTE(review): despite the rule name, the list mixes slogans from both sides
// (e.g. "IStandWithPutin", "ProudToBeRussian" next to "StandWithUkraine").
// NOTE(review): as far as I know YARA's `nocase` folds ASCII letters only. The
// Cyrillic literals would then match only the exact bytes written here, in the
// rule file's encoding (presumably UTF-8), so other capitalisations and other
// encodings (UTF-16, CP1251) are missed. Confirm with the YARA build in use.
// NOTE(review): the condition fires on a single literal, and several literals
// are ordinary words in unrelated code and data ("europe", "resist", "hacker",
// "SWIFT", "DDOS", "Russia", "Moscow", "warship", "мир"). Expect many false
// positives for a rule that reports level "High".
// NOTE(review): short literals shadow longer ones under `1 of them`:
// "StandWith" covers every "...StandWith..." entry, "NoWar" covers
// "NoWarWithUkraine", "WWII" covers "WWIII", "Crimea" covers "CrimeanSpring".
// The numbering skips $IoC30 and $IoC133.
rule AntiRussianProtestware {
    meta:
        // The custom_* keys are free-form metadata, presumably read by the
        // author's scanner; YARA itself does not interpret them.
        custom_title = "Protestware"
        // Keep the rule multi-line: a `//` comment runs to the end of the
        // line, so a single-line paste would comment out everything after it.
        custom_level = "High" // High, Medium, Low
        custom_description = "Potentially contains a political slogan and may also contain a backdoor somewhere"
    strings:
        $IoC1 = "Украина" nocase
        $IoC2 = "нетвойне" nocase
        $IoC3 = "Support Ukraine" nocase
        $IoC4 = "Россия" nocase
        $IoC5 = "Харьков" nocase
        $IoC6 = "Херсон" nocase
        $IoC7 = "мариуполь" nocase
        $IoC8 = "война" nocase
        $IoC9 = "НетПутину" nocase
        $IoC10 = "mariupol" nocase
        $IoC11 = "україна" nocase
        $IoC12 = "Stop War" nocase
        $IoC13 = "StopWar" nocase
        $IoC14 = "Ukraine War" nocase
        $IoC15 = "UkraineWar" nocase
        $IoC16 = "stands with ukraine" nocase
        $IoC17 = "нетвойнесУкраиной" nocase
        $IoC18 = "Russia" nocase // generic: also matches locale and country tables
        $IoC19 = "Путин" nocase
        $IoC20 = "Stop The War" nocase
        $IoC21 = "StopTheWar" nocase
        $IoC22 = "StopRussianAggression" nocase
        $IoC23 = "Киев" nocase
        $IoC24 = "No War" nocase
        $IoC25 = "NoWarWithUkraine" nocase
        $IoC26 = "UkraineRussie" nocase
        $IoC27 = "Stand With Ukraine" nocase
        $IoC28 = "StandWithUkraine" nocase
        $IoC29 = "Зеленский" nocase
        $IoC31 = "RussiaUkraineConflict" nocase
        $IoC32 = "SaveUkraine" nocase
        $IoC33 = "StopRussia" nocase
        $IoC34 = "Сумы" nocase
        $IoC35 = "UkraineInvasion" nocase
        $IoC36 = "stopputin" nocase
        $IoC37 = "СлаваУкраїні" nocase
        $IoC38 = "UkraineRussiaCrisis" nocase
        $IoC39 = "Гостомель" nocase
        $IoC40 = "UkraineConflict" nocase
        $IoC41 = "FlyAway" nocase
        $IoC42 = "войска" nocase
        $IoC43 = "ДНР" nocase
        $IoC44 = "NoWar" nocase
        $IoC45 = "Одесса" nocase
        $IoC46 = "Харків" nocase
        $IoC47 = "Kiev" nocase
        $IoC48 = "Ukraina" nocase
        $IoC49 = "России" nocase
        $IoC50 = "Херсоне" nocase
        $IoC51 = "путинубийца" nocase
        $IoC52 = "протесты" nocase
        $IoC53 = "Donbass" nocase
        $IoC54 = "нацизм" nocase
        $IoC55 = "Одеса" nocase
        $IoC56 = "геноцид" nocase
        $IoC57 = "europe" nocase // generic: e.g. time-zone and region identifiers
        $IoC58 = "фашизм" nocase
        $IoC59 = "Odesa" nocase
        $IoC60 = "Odessa" nocase
        $IoC61 = "ЛНР" nocase
        $IoC62 = "лукашенко" nocase
        $IoC63 = "Москва" nocase
        $IoC64 = "IStandWithUkraine" nocase
        $IoC65 = "Мелитополь" nocase
        $IoC66 = "невойне" nocase
        $IoC67 = "СвоихНеБросаем" nocase
        $IoC68 = "DonbassTragedy" nocase
        $IoC69 = "See4Yourself" nocase
        $IoC70 = "Think4Yourself" nocase
        $IoC71 = "WeRemember" nocase
        $IoC72 = "IstandwithRussia" nocase
        $IoC73 = "Novorossiya" nocase
        $IoC74 = "РаботайтеБратья" nocase
        $IoC75 = "Welcome2Crimea" nocase
        $IoC76 = "Crimea" nocase
        $IoC77 = "CrimeanSpring" nocase
        $IoC78 = "IStandWithPutin" nocase
        $IoC79 = "русскиеидут" nocase
        $IoC80 = "imwithrussia" nocase
        $IoC81 = "ProudToBeRussian" nocase
        $IoC82 = "StopPutinNow" nocase
        $IoC83 = "SlavaUkraini" nocase
        $IoC84 = "HelpUkraine" nocase
        $IoC85 = "invaision" nocase // NOTE(review): looks like a misspelling of "invasion"; confirm it is intended
        $IoC86 = "РоссияБЕЗпутина" nocase
        $IoC87 = "PutinIsFalling" nocase
        $IoC88 = "PutinWarCrimes" nocase
        $IoC89 = "StopWarInUkraine" nocase
        $IoC90 = "resist" nocase // generic: substring of "resistance", "resistor", ...
        $IoC91 = "SlavaUkrayini" nocase
        $IoC92 = "FreeBelarus" nocase
        $IoC93 = "FKPutin" nocase
        $IoC94 = "FKLukashenko" nocase
        $IoC95 = "правдаовойне" nocase
        $IoC96 = "IStandWithZelenskyy" nocase
        $IoC97 = "PutinWarCriminal" nocase
        $IoC98 = "ClosetheSkyoverUkraine" nocase
        $IoC99 = "AdolfPutin" nocase
        $IoC100 = "PutinHitler" nocase
        $IoC101 = "RussiaInvadedUkraine" nocase
        $IoC102 = "WWII" nocase
        $IoC103 = "nuclearwar" nocase
        $IoC104 = "санкции" nocase
        $IoC105 = "бомбит" nocase
        $IoC106 = "диверсионные" nocase
        $IoC107 = "Удары" nocase
        $IoC108 = "армия" nocase
        $IoC109 = "пиздец" nocase
        $IoC110 = "мир" nocase // very short; substring of many unrelated Russian words
        $IoC111 = "мирные" nocase
        $IoC112 = "Путину" nocase
        $IoC113 = "Украины" nocase
        $IoC114 = "Россияне" nocase
        $IoC115 = "АЭС" nocase
        $IoC116 = "США" nocase
        $IoC117 = "НАТО" nocase
        $IoC118 = "Chernihiv" nocase
        $IoC119 = "Kherson" nocase
        $IoC120 = "донецк" nocase
        $IoC121 = "Луганск" nocase
        $IoC122 = "DearsForPeace" nocase
        $IoC123 = "МыНеМолчим" nocase
        $IoC124 = "newsua" nocase
        $IoC125 = "newsru" nocase
        $IoC126 = "НетвойнеУкраиныпротивДонбасса" nocase
        $IoC127 = "санктпетербург" nocase
        $IoC128 = "зеленський" nocase
        $IoC129 = "ДаПобеде" nocase
        $IoC130 = "SWIFT" nocase // generic: with nocase also matches "swift" (language, tooling)
        $IoC131 = "київ" nocase
        $IoC132 = "тихийпикет" nocase
        $IoC134 = "russianinvasion" nocase
        $IoC135 = "Противійни" nocase
        $IoC136 = "ПУТИН_ВИНОВЕН" nocase
        $IoC137 = "донбасс" nocase
        $IoC138 = "EuroMaidan" nocase
        $IoC139 = "Ирпень" nocase
        $IoC140 = "беларусь" nocase
        $IoC141 = "Maidan" nocase
        $IoC142 = "МойЛуганск" nocase
        $IoC143 = "StayWithUkraine" nocase
        $IoC144 = "Zelenskiy" nocase
        $IoC145 = "НетБезумию" nocase
        $IoC146 = "питер" nocase
        $IoC147 = "CoupdEtat" nocase
        $IoC148 = "бандеровцы" nocase
        $IoC149 = "всу" nocase
        $IoC150 = "Кремль" nocase
        $IoC151 = "BanRussiafromSwift" nocase
        $IoC152 = "бомбардировки" nocase
        $IoC153 = "Лавров" nocase
        $IoC154 = "Rusya" nocase
        $IoC155 = "АрмияРоссии" nocase
        $IoC156 = "SanctionRussiaN" nocase
        $IoC157 = "российское_вторжение" nocase
        $IoC158 = "ДавайЗаМир" nocase
        $IoC159 = "НоваяКаховка" nocase
        $IoC160 = "Irpin" nocase
        $IoC161 = "worldwar3" nocase
        $IoC162 = "Moscow" nocase // generic: e.g. time-zone identifiers
        $IoC163 = "переговоры" nocase
        $IoC164 = "русские" nocase
        $IoC165 = "ООН" nocase
        $IoC166 = "Евросоюз" nocase
        $IoC167 = "путинхуйло" nocase
        $IoC168 = "терроризм" nocase
        $IoC169 = "Минобороны" nocase
        $IoC170 = "WWIII" nocase
        $IoC171 = "митинг" nocase
        $IoC172 = "РусскаяВесна" nocase
        $IoC173 = "DonbassWar" nocase
        $IoC174 = "янемолчу" nocase
        $IoC175 = "РоссияУбивает" nocase
        $IoC176 = "русскийсолдат" nocase
        $IoC177 = "времяпомогать" nocase
        $IoC178 = "Шойгу" nocase
        $IoC179 = "ЗаПрезидента" nocase
        $IoC180 = "наДонбассевойна8лет" nocase
        $IoC181 = "МнеНеСтыдно" nocase
        $IoC182 = "русскиймир" nocase
        $IoC183 = "россияукраина" nocase
        $IoC184 = "ЯМыПутин" nocase
        $IoC185 = "ЕдинаяРоссия" nocase
        $IoC186 = "DeadRussianSoldiers" nocase
        $IoC187 = "ВКСРоссии" nocase
        $IoC188 = "КремлевскиеСМИ" nocase
        $IoC189 = "Русскиелюди" nocase
        $IoC190 = "КризиснаДонбассе" nocase
        $IoC191 = "денацификация" nocase
        $IoC192 = "Putler" nocase
        $IoC193 = "русскийТопот" nocase
        $IoC194 = "россиявставай" nocase
        $IoC195 = "hack_russia" nocase
        $IoC196 = "hacker" nocase // generic: common in comments, docs and package names
        $IoC197 = "russia-must-be-stopped" nocase
        $IoC198 = "DDOS" nocase // generic: also appears in defensive and rate-limiting code
        $IoC199 = "warship" nocase
        $IoC200 = "NoRussian" nocase
        $IoC201 = "ban-dera" nocase
        $IoC202 = "stoppropaganda" nocase
        $IoC203 = "notowar" nocase
        $IoC204 = "peacenotwar" nocase
        $IoC205 = "Слава ВСУ" nocase
        // $IoC206 and $IoC209 are a URL and a domain rather than slogans. Their
        // origin is not stated here; record the source so they can be retired.
        $IoC206 = "https://imgbox.com/KKG4cOJj" nocase
        $IoC207 = "SlavaUkraine" nocase
        $IoC208 = "Slava Ukraine" nocase
        $IoC209 = "motix.com.ua" nocase
        $IoC210 = "aggressor" nocase
        $IoC211 = "fascism" nocase
        $IoC212 = "IT ARMY of Ukraine" nocase
        $IoC213 = "number_of_errored_responses" nocase // presumably an identifier from a specific tool; source not given
        $IoC214 = "itarmyofuraine" nocase // NOTE(review): possibly missing a "k" (compare $IoC215); confirm
        $IoC215 = "itarmyofukraine2022" nocase
        $IoC216 = "itARMYofUkraine2022_INT" nocase
        $IoC217 = "StandWith" nocase // shadows every longer "...StandWith..." literal above
    condition:
        // Any single literal anywhere in the scanned data triggers the rule.
        1 of them
}